GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
5,016 advisories
An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability...
High
Unreviewed
CVE-2021-46104
was published
Jan 20, 2022
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.
Moderate
Unreviewed
CVE-2021-46203
was published
Jan 20, 2022
Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal...
Moderate
Unreviewed
CVE-2021-41551
was published
Jan 19, 2022
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate...
Moderate
Unreviewed
CVE-2022-22054
was published
Jan 15, 2022
This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch...
High
Unreviewed
CVE-2021-23514
was published
Jan 14, 2022
ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files.
Moderate
Unreviewed
CVE-2021-28376
was published
Jan 13, 2022
ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.
Moderate
Unreviewed
CVE-2021-28377
was published
Jan 13, 2022
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in...
High
Unreviewed
CVE-2020-29050
was published
Jan 11, 2022
The CaasKit module has a path traversal vulnerability. Successful exploitation of this...
Moderate
Unreviewed
CVE-2021-40001
was published
Jan 11, 2022
HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability...
Moderate
Unreviewed
CVE-2021-40003
was published
Jan 11, 2022
CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated...
Moderate
Unreviewed
CVE-2022-22836
was published
Jan 11, 2022
An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download...
High
Unreviewed
CVE-2021-44351
was published
Jan 7, 2022
The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the...
Moderate
Unreviewed
CVE-2021-25020
was published
Jan 4, 2022
The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache...
Moderate
Unreviewed
CVE-2021-25021
was published
Jan 4, 2022
An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability...
Moderate
Unreviewed
CVE-2021-44674
was published
Jan 4, 2022
Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability...
High
Unreviewed
CVE-2021-37126
was published
Jan 4, 2022
HwPCAssistant has a Path Traversal vulnerability. Successful exploitation of this vulnerability...
Critical
Unreviewed
CVE-2021-37128
was published
Jan 4, 2022
HwPCAssistant has an Improper Input Validation vulnerability. Successful exploitation of this...
High
Unreviewed
CVE-2021-39970
was published
Jan 4, 2022
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due...
Critical
Unreviewed
CVE-2021-45427
was published
Dec 31, 2021
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an...
High
Unreviewed
CVE-2021-20133
was published
Dec 31, 2021
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an...
High
Unreviewed
CVE-2021-20134
was published
Dec 31, 2021
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily...
Critical
Unreviewed
CVE-2020-20944
was published
Dec 28, 2021
Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession...
Moderate
Unreviewed
CVE-2021-20876
was published
Dec 25, 2021
Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. The affected...
High
Unreviewed
CVE-2021-45418
was published
Dec 23, 2021
A directory traversal vulnerability exists in the Web Manager File Upload functionality of...
High
Unreviewed
CVE-2021-21879
was published
Dec 23, 2021