Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

5,992 advisories

Loading
Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access... Moderate Unreviewed
CVE-2024-34653 was published Sep 4, 2024
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for... Critical Unreviewed
CVE-2024-7950 was published Sep 4, 2024
Directory traversal vulnerability in the cust module Impact: Successful exploitation of this... Moderate Unreviewed
CVE-2024-45443 was published Sep 4, 2024
@actions/download-artifact has an Arbitrary File Write via artifact extraction High
GHSA-cxww-7g56-2vh6 was published for actions/download-artifact (GitHub Actions) Sep 3, 2024
holmanb
@actions/artifact has an Arbitrary File Write via artifact extraction High
CVE-2024-42471 was published for @actions/artifact (npm) Sep 3, 2024
JLHwung
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2024-43957 was published Aug 29, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2024-43955 was published Aug 29, 2024
A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this... Moderate Unreviewed
CVE-2024-8304 was published Aug 29, 2024
Ollama can extract members of a ZIP archive outside of the parent directory High
CVE-2024-45436 was published for github.com/ollama/ollama (Go) Aug 29, 2024
An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory... Critical Unreviewed
CVE-2024-44761 was published Aug 28, 2024
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a... Moderate Unreviewed
CVE-2024-7744 was published Aug 28, 2024
The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all... Moderate Unreviewed
CVE-2024-6312 was published Aug 28, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2024-4556 was published Aug 28, 2024
A path traversal vulnerability exists in the Xiaomi File Manager application product... Moderate Unreviewed
CVE-2023-26321 was published Aug 28, 2024
The product allows user input to control or influence paths or file names that are used in... Critical Unreviewed
CVE-2024-3980 was published Aug 27, 2024
A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 allows... High Unreviewed
CVE-2024-6789 was published Aug 27, 2024
A vulnerability classified as critical was found in Chengdu Everbrite Network Technology... Moderate Unreviewed
CVE-2024-8163 was published Aug 26, 2024
A vulnerability, which was classified as problematic, was found in Chengdu Everbrite Network... Moderate Unreviewed
CVE-2024-8165 was published Aug 26, 2024
unzip-stream allows Arbitrary File Write via artifact extraction High
GHSA-6jrj-vc65-c983 was published for unzip-stream (npm) Aug 26, 2024
An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0... Critical Unreviewed
CVE-2024-45256 was published Aug 26, 2024
A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management)... High Unreviewed
CVE-2024-45241 was published Aug 26, 2024
Mage AI Path Traversal vulnerability Moderate
CVE-2024-45188 was published for mage-ai (pip) Aug 23, 2024
Mage AI Path Traversal vulnerability Moderate
CVE-2024-45189 was published for mage-ai (pip) Aug 23, 2024
Python Pip Pandas v2.2.2 was discovered to contain an arbitrary file read vulnerability. High Unreviewed
CVE-2024-42992 was published Aug 23, 2024
Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all version through... Moderate Unreviewed
CVE-2023-7260 was published Aug 22, 2024
ProTip! Advisories are also available from the GraphQL API