GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,045 advisories
Filter by severity
Buildah allows arbitrary directory mount
Moderate
CVE-2024-9675
was published
for
github.com/containers/buildah
(Go)
Oct 9, 2024
Unpatched Remote Code Execution in Gogs
High
CVE-2024-44625
was published
for
gogs.io/gogs
(Go)
Nov 15, 2024
Statamic CMS has a Path Traversal in Asset Upload
Moderate
CVE-2024-52600
was published
for
statamic/cms
(Composer)
Nov 19, 2024
GitPython blind local file inclusion
Moderate
CVE-2023-41040
was published
for
GitPython
(pip)
Aug 30, 2023
Remote Code Execution via traversal in TAL expressions
High
CVE-2021-32674
was published
for
Zope
(pip)
Jun 8, 2021
Remote Code Execution via traversal in TAL expressions
High
CVE-2021-32633
was published
for
Zope
(pip)
Jun 18, 2021
Duplicate Advisory: Path Traversal in Zope
High
GHSA-5vq5-pg3r-9ph3
was published
for
Zope
(pip)
Jun 10, 2021
•
withdrawn
Duplicate Advisory: Path Traversal in Zope
High
GHSA-962m-m8jw-8wrr
was published
for
Zope
(pip)
Jun 15, 2021
•
withdrawn
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Low
CVE-2020-15239
was published
for
xmpp-http-upload
(pip)
Oct 6, 2020
DotNetZip Directory Traversal vulnerability
High
CVE-2024-48510
was published
for
DotNetZip
(NuGet)
Nov 13, 2024
UBI Reader vulnerable to Path Traversal
Moderate
CVE-2022-4572
was published
for
ubi-reader
(pip)
Dec 17, 2022
uWSGI Directory Traversal vulnerability
High
CVE-2018-7490
was published
for
uWSGI
(pip)
May 14, 2022
Tryton Directory Traversal vulnerability
High
CVE-2013-4510
was published
for
trytond
(pip)
May 17, 2022
FitNesse Path Traversal
Moderate
CVE-2024-42499
was published
for
org.fitnesse:fitnesse
(Maven)
Nov 15, 2024
Path traversal vulnerability in stripe-cli
Low
CVE-2024-45401
was published
for
github.com/stripe/stripe-cli
(Go)
Sep 5, 2024
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle
Moderate
CVE-2024-43373
was published
for
webcrack
(npm)
Aug 14, 2024
Jenkins Remoting library arbitrary file read vulnerability
High
CVE-2024-43044
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Aug 7, 2024
Owncast Path Traversal vulnerability
Moderate
CVE-2024-31450
was published
for
github.com/owncast/owncast
(Go)
Aug 5, 2024
aiohttp is vulnerable to directory traversal
High
CVE-2024-23334
was published
for
aiohttp
(pip)
Jan 29, 2024
GitHub Security Lab (GHSL) Vulnerability Report: Arbitary write GHSL-2023-182
High
CVE-2023-50731
was published
for
mindsdb
(pip)
Dec 15, 2023
Apache Airflow Path Traversal vulnerability
High
CVE-2023-22887
was published
for
apache-airflow
(pip)
Jul 12, 2023
JSZip contains Path Traversal via loadAsync
Moderate
CVE-2022-48285
was published
for
jszip
(npm)
Jan 29, 2023
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
Low
CVE-2022-23530
was published
for
guarddog
(pip)
Dec 5, 2022
ProTip!
Advisories are also available from the
GraphQL API