GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,622 advisories
Filter by severity
A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited,...
High
Unreviewed
CVE-2024-7961
was published
Sep 12, 2024
phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component ...
High
Unreviewed
CVE-2024-44867
was published
Sep 10, 2024
Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7...
High
Unreviewed
CVE-2024-37728
was published
Sep 10, 2024
nix 2.24 through 2.24.5 allows directory traversal via a symlink in a nar file, because of...
High
Unreviewed
CVE-2024-45845
was published
Sep 10, 2024
SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe...
High
Unreviewed
CVE-2024-44720
was published
Sep 9, 2024
A path traversal vulnerability allows an attacker with a low-privileged account and local access...
High
Unreviewed
CVE-2024-40712
was published
Sep 7, 2024
A vulnerability has been discovered in Node.js version 20, specifically within the experimental...
High
Unreviewed
CVE-2023-30584
was published
Sep 7, 2024
A path traversal vulnerability has been reported to affect several QNAP operating system versions...
High
Unreviewed
CVE-2023-51366
was published
Sep 6, 2024
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is...
High
Unreviewed
CVE-2024-45175
was published
Sep 5, 2024
Path traversal vulnerability in stripe-cli
High
CVE-2024-45401
was published
for
github.com/stripe/stripe-cli
(Go)
Sep 5, 2024
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user...
High
Unreviewed
CVE-2024-45178
was published
Sep 5, 2024
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory...
High
Unreviewed
CVE-2024-8104
was published
Sep 4, 2024
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute...
High
Unreviewed
CVE-2024-34656
was published
Sep 4, 2024
@actions/download-artifact has an Arbitrary File Write via artifact extraction
High
GHSA-cxww-7g56-2vh6
was published
for
actions/download-artifact
(GitHub Actions)
Sep 3, 2024
@actions/artifact has an Arbitrary File Write via artifact extraction
High
CVE-2024-42471
was published
for
@actions/artifact
(npm)
Sep 3, 2024
Ollama can extract members of a ZIP archive outside of the parent directory
High
CVE-2024-45436
was published
for
github.com/ollama/ollama
(Go)
Aug 29, 2024
A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 allows...
High
Unreviewed
CVE-2024-6789
was published
Aug 27, 2024
unzip-stream allows Arbitrary File Write via artifact extraction
High
GHSA-6jrj-vc65-c983
was published
for
unzip-stream
(npm)
Aug 26, 2024
A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management)...
High
Unreviewed
CVE-2024-45241
was published
Aug 26, 2024
Python Pip Pandas v2.2.2 was discovered to contain an arbitrary file read vulnerability.
High
Unreviewed
CVE-2024-42992
was published
Aug 23, 2024
An issue in the downloader.php component of TOSEI online store management system v4.02, v4.03,...
High
Unreviewed
CVE-2024-43022
was published
Aug 21, 2024
Windscribe Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability...
High
Unreviewed
CVE-2024-6141
was published
Aug 21, 2024
Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File...
High
Unreviewed
CVE-2024-7601
was published
Aug 21, 2024
Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability. This...
High
Unreviewed
CVE-2024-7600
was published
Aug 21, 2024
Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability....
High
Unreviewed
CVE-2024-7603
was published
Aug 21, 2024
ProTip!
Advisories are also available from the
GraphQL API