GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
33 advisories
Filter by severity
@backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability
Moderate
CVE-2024-45816
was published
for
@backstage/plugin-techdocs-backend
(npm)
Sep 17, 2024
Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
High
CVE-2024-43399
was published
for
mobsf
(pip)
Aug 19, 2024
path traversal vulnerability was identified in the parisneo/lollms-webui
Moderate
CVE-2024-4330
was published
for
lollms
(pip)
Jun 2, 2024
gix traversal outside working tree enables arbitrary code execution
High
CVE-2024-35186
was published
for
gitoxide
(Rust)
May 22, 2024
Oceanic allows unsanitized user input to lead to path traversal in URLs
Moderate
CVE-2024-34712
was published
for
oceanic.js
(npm)
May 14, 2024
NiceGUI allows potential access to local file system
High
CVE-2024-32005
was published
for
nicegui
(pip)
Apr 12, 2024
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
High
CVE-2021-27916
was published
for
mautic/core
(Composer)
Apr 12, 2024
Helm dependency management path traversal
Moderate
CVE-2024-25620
was published
for
helm.sh/helm/v3
(Go)
Feb 15, 2024
registry-support: decompress can delete files outside scope via relative paths
High
CVE-2024-1485
was published
for
github.com/devfile/registry-support/registry-library
(Go)
Feb 14, 2024
Unsecured endpoints in the jupyter-lsp server extension
High
CVE-2024-22415
was published
for
jupyter-lsp
(pip)
Jan 18, 2024
Parse Server may crash when uploading file without extension
High
CVE-2023-46119
was published
for
parse-server
(npm)
Oct 24, 2023
Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server
Moderate
CVE-2023-40026
was published
for
github.com/argoproj/argo-cd
(Go)
Sep 27, 2023
sudo-rs Session File Relative Path Traversal vulnerability
Low
CVE-2023-42456
was published
for
sudo-rs
(Rust)
Sep 21, 2023
Cecil Path Traversal vulnerability
High
CVE-2023-4914
was published
for
cecil/cecil
(Composer)
Sep 12, 2023
Kubernetes vulnerable to path traversal
Moderate
CVE-2022-3162
was published
for
github.com/kubernetes/kubernetes
(Go)
Mar 1, 2023
Buildah (as part of Podman) vulnerable to Path Traversal
Low
CVE-2022-4123
was published
for
github.com/containers/podman/v4
(Go)
Dec 8, 2022
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package
Moderate
CVE-2022-23531
was published
for
guarddog
(pip)
Dec 2, 2022
DNN vulnerable to Relative Path Traversal
Moderate
CVE-2022-2922
was published
for
DotNetNuke.Core
(NuGet)
Oct 1, 2022
TZInfo relative path traversal vulnerability allows loading of arbitrary files
High
CVE-2022-31163
was published
for
tzinfo
(RubyGems)
Jul 21, 2022
Path Traversal in Eclipse Vert
Critical
CVE-2019-17640
was published
for
io.vertx:vertx-web
(Maven)
Feb 10, 2022
Upload of file to arbitrary path in Apache Flink
High
CVE-2020-17518
was published
for
org.apache.flink:flink-runtime
(Maven)
Feb 9, 2022
Maliciously Crafted Model Archive Can Lead To Arbitrary File Write
High
CVE-2021-41127
was published
for
rasa
(pip)
Oct 22, 2021
Relative Path Traversal in git-delta
High
CVE-2021-36376
was published
for
git-delta
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API