Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,112
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

717 advisories

Loading
Aprktool before 2.9.3 on Windows allows ../ and /.. directory traversal. Critical Unreviewed
CVE-2024-24482 was published Feb 2, 2024
Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB,... Critical Unreviewed
CVE-2023-7077 was published Feb 5, 2024
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-0221 was published Feb 6, 2024
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is... Critical Unreviewed
CVE-2023-6989 was published Feb 6, 2024
Stimulsoft Dashboard.JS directory traversal vulnerability Critical
CVE-2024-24398 was published for stimulsoft-dashboards-js (npm) Feb 6, 2024
An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42... Critical Unreviewed
CVE-2023-40266 was published Feb 9, 2024
The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File... Critical Unreviewed
CVE-2024-26261 was published Feb 15, 2024
The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal... Critical Unreviewed
CVE-2024-23476 was published Feb 15, 2024
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal... Critical Unreviewed
CVE-2024-23479 was published Feb 15, 2024
Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to... Critical Unreviewed
CVE-2024-25065 was published Feb 29, 2024
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory... Critical Unreviewed
CVE-2024-25830 was published Feb 29, 2024
An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the... Critical Unreviewed
CVE-2024-27764 was published Mar 6, 2024
In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process... Critical Unreviewed
CVE-2024-28222 was published Mar 7, 2024
PaddlePaddle Path Traversal vulnerability Critical
CVE-2024-0818 was published for paddlepaddle (pip) Mar 7, 2024
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user Critical
CVE-2024-2044 was published for pgAdmin4 (pip) Mar 7, 2024
TheZ3ro
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2024-21400 was published Mar 12, 2024
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification Critical
CVE-2024-27317 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd
The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal... Critical Unreviewed
CVE-2023-6825 was published Mar 13, 2024
Pterodactyl Wings vulnerable to improper isolation of server file access Critical
CVE-2024-27102 was published for github.com/pterodactyl/wings (Go) Mar 15, 2024
KurtThiemann aft2d
matthewpi
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow... Critical Unreviewed
CVE-2024-27768 was published Mar 18, 2024
This vulnerability allows access to arbitrary files in the application server file system due to... Critical Unreviewed
CVE-2024-2227 was published Mar 22, 2024
Lektor does not sanitize database path traversal Critical
CVE-2024-28335 was published for Lektor (pip) Mar 27, 2024
There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation... Critical Unreviewed
CVE-2024-25693 was published Apr 4, 2024
MailDev Remote Code Execution Critical
CVE-2024-27448 was published for maildev (npm) Apr 5, 2024
stypr
A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when... Critical Unreviewed
CVE-2024-31848 was published Apr 5, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database