GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,056
Erlang: 29
GitHub Actions: 19
Go: 1,889
Maven: 5,000+
npm: 3,618
NuGet: 638
pip: 3,231
Pub: 10
RubyGems: 854
Rust: 817
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
100 advisories
Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint
High • CVE-2024-42485 was published for pxlrbt/filament-excel (Composer) • Aug 12, 2024

ICEcoder Path Traversal vulnerability
Moderate • CVE-2024-41373 was published for icecoder/icecoder (Composer) • Jul 26, 2024

Zip slip in opencart
High • CVE-2024-21518 was published for opencart/opencart (Composer) • Jun 22, 2024

willdurand/js-translation-bundle potential path traversal attack and remote code injection
Critical • GHSA-x86x-qhf8-f37w was published for willdurand/js-translation-bundle (Composer) • Jun 7, 2024

ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()`
High • GHSA-hx3m-959f-v849 was published for zendframework/zendframework1 (Composer) • Jun 7, 2024

TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API
High • GHSA-x428-565f-8xj2 was published for typo3/cms-core (Composer) • May 30, 2024

Twig Path Traversal vulnerability in the filesystem loader
Moderate • GHSA-7cvr-xhm5-x998 was published for twig/twig (Composer) • May 30, 2024

Grav Vulnerable to Arbitrary File Read to Account Takeover
High • CVE-2024-34082 was published for getgrav/grav (Composer) • May 15, 2024

phpMyFAQ Path Traversal in Attachments
Low • CVE-2024-29196 was published for phpmyfaq/phpmyfaq (Composer) • Mar 25, 2024

Grav File Upload Path Traversal
High • CVE-2024-27921 was published for getgrav/grav (Composer) • Mar 22, 2024

Appwrite Directory Traversal vulnerability
High • CVE-2022-25377 was published for appwrite/server-ce (Composer) • Feb 23, 2024

Path disclosure in JavaScript variable
Moderate • CVE-2024-26129 was published for prestashop/prestashop (Composer) • Feb 21, 2024

Path Traversal in TYPO3 File Abstraction Layer Storages
Moderate • CVE-2023-30451 was published for typo3/cms-core (Composer) • Feb 13, 2024

Winter CMS Local File Inclusion through Server Side Template Injection
Low • CVE-2023-52085 was published for winter/wn-backend-module (Composer) • Jan 2, 2024

Duplicate Advisory: TYPO3 Arbitrary File Read via Directory Traversal
Moderate • GHSA-3gjc-mp82-fj4q was published for typo3/cms-core (Composer) • Dec 25, 2023 • withdrawn

Potential URI resolution path traversal in the AWS SDK for PHP
Moderate • CVE-2023-51651 was published for aws/aws-sdk-php (Composer) • Dec 21, 2023

PHPMemcachedAdmin Path Traversal vulnerability
Critical • CVE-2023-6026 was published for elijaa/phpmemcacheadmin (Composer) • Nov 30, 2023

OroPlatform vulnerable to path traversal during temporary file manipulations
High • CVE-2022-41951 was published for oro/platform (Composer) • Nov 27, 2023

baserCMS Directory Traversal vulnerability in Form submission data management Feature
Moderate • CVE-2023-43648 was published for baserproject/basercms (Composer) • Oct 26, 2023

OpenCart Path Traversal vulnerability
High • CVE-2023-2315 was published for opencart/opencart (Composer) • Sep 27, 2023

Yii2 allows attackers to execute any local .php file via a relative path in the view parameter
Critical • CVE-2015-5467 was published for yiisoft/yii2 (Composer) • Sep 21, 2023

Cecil Path Traversal vulnerability
High • CVE-2023-4914 was published for cecil/cecil (Composer) • Sep 12, 2023

PrestaShop file access through path traversal
Moderate • CVE-2023-39528 was published for prestashop/prestashop (Composer) • Aug 9, 2023

PrestaShop path traversal
Moderate • CVE-2023-39525 was published for prestashop/prestashop (Composer) • Aug 9, 2023

Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction
Moderate • CVE-2023-38708 was published for pimcore/pimcore (Composer) • Aug 3, 2023
ProTip! Advisories are also available from the GraphQL API