GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,162
Erlang
30
GitHub Actions
19
Go
1,966
Maven
5,000+
npm
3,694
NuGet
653
pip
3,311
Pub
11
RubyGems
881
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+
6,159 advisories
Filter by severity
A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this...
Moderate
Unreviewed
CVE-2024-10379
was published
Oct 25, 2024
Marinus Pfund, member of the AXIS OS Bug Bounty Program,
has found the VAPIX API ledlimit.cgi...
Moderate
Unreviewed
CVE-2024-0067
was published
Sep 10, 2024
A path deletion vulnerability was addressed by preventing vulnerable code from running with...
High
Unreviewed
CVE-2024-44159
was published
Oct 28, 2024
A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.1, iOS...
High
Unreviewed
CVE-2024-44255
was published
Oct 28, 2024
Buildah allows arbitrary directory mount
Moderate
CVE-2024-9675
was published
for
github.com/containers/buildah
(Go)
Oct 9, 2024
PEAR::Archive_Tar Directory Traversal vulnerability
Critical
CVE-2006-0931
was published
for
pear/archive_tar
(Composer)
May 1, 2022
MPXJ has a Potential Path Traversal Vulnerability
Moderate
CVE-2024-49771
was published
for
MPXJ.Net
(RubyGems)
Oct 28, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High
Unreviewed
CVE-2024-50508
was published
Oct 30, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High
Unreviewed
CVE-2024-50509
was published
Oct 30, 2024
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the...
Moderate
Unreviewed
CVE-2024-9676
was published
Oct 15, 2024
There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful...
Moderate
Unreviewed
CVE-2024-25614
was published
Mar 5, 2024
SQL injection in funadmin
High
CVE-2024-48224
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows...
Critical
Unreviewed
CVE-2024-37847
was published
Oct 25, 2024
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses
Critical
CVE-2024-47883
was published
for
org.openrefine.dependencies:butterfly
(Maven)
Oct 24, 2024
A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The...
Critical
Unreviewed
CVE-2024-5982
was published
Oct 29, 2024
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800,...
High
Unreviewed
CVE-2024-45262
was published
Oct 24, 2024
Path transversal in some Intel(R) VROC software before version 8.0.8.1001 may allow an...
High
Unreviewed
CVE-2023-35003
was published
Oct 28, 2024
Starlette has Path Traversal vulnerability in StaticFiles
Moderate
CVE-2023-29159
was published
for
starlette
(pip)
May 17, 2023
An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read...
Moderate
Unreviewed
CVE-2024-34245
was published
May 14, 2024
SaltStack Salt Directory Traversal vulnerability
High
CVE-2021-25282
was published
for
salt
(pip)
May 24, 2022
SaltStack Salt is vulnerable Arbitrary Directory Access
High
CVE-2020-11652
was published
for
salt
(pip)
May 24, 2022
S3Scanner allows Directory Traversal
Moderate
CVE-2021-32061
was published
for
s3scanner
(pip)
Nov 30, 2021
Werkzeug safe_join not safe on Windows
Moderate
CVE-2024-49766
was published
for
Werkzeug
(pip)
Oct 25, 2024
rdiffweb Path Traversal vulnerability
High
CVE-2022-3389
was published
for
rdiffweb
(pip)
Oct 6, 2022
A post-authentication arbitrary file read vulnerability within the server plugins section in...
High
Unreviewed
CVE-2024-35308
was published
Oct 22, 2024
ProTip!
Advisories are also available from the
GraphQL API