Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,857
NuGet
696
pip
3,639
Pub
12
RubyGems
912
Rust
913
Swift
38
Unreviewed advisories
All unreviewed
5,000+

136 advisories

Loading
Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized... Low Unreviewed
CVE-2023-34117 was published Jul 11, 2023
Graylog server has partial path traversal vulnerability in Support Bundle feature Low
CVE-2023-41044 was published for org.graylog2:graylog2-server (Maven) Jul 6, 2023
weiweiwei9811
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a... Low Unreviewed
CVE-2023-25186 was published Jun 16, 2023
A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this... Low Unreviewed
CVE-2023-3241 was published Jun 14, 2023
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3,... Low Unreviewed
CVE-2022-42474 was published Jun 13, 2023
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter... Low Unreviewed
CVE-2023-2117 was published May 30, 2023
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal... Low Unreviewed
CVE-2023-27409 was published May 9, 2023
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1... Low Unreviewed
CVE-2023-29128 was published May 9, 2023
Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access... Low Unreviewed
CVE-2023-21448 was published Feb 9, 2023
The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input... Low Unreviewed
CVE-2022-4109 was published Jan 3, 2023
** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as... Low Unreviewed
CVE-2022-4773 was published Dec 28, 2022
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package Low
CVE-2022-23530 was published for guarddog (pip) Dec 5, 2022
Sim4n6
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package Low
CVE-2022-23531 was published for guarddog (pip) Dec 2, 2022
EC-CUBE Directory traversal vulnerability Low
CVE-2022-40199 was published for ec-cube/ec-cube (Composer) Sep 28, 2022
Cargo extracting malicious crates can corrupt arbitrary files Low
CVE-2022-36113 was published for cargo (Rust) Sep 16, 2022
pietroalbini litios
In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An... Low Unreviewed
CVE-2022-37703 was published Sep 14, 2022
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory... Low Unreviewed
CVE-2022-2945 was published Sep 7, 2022
A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app... Low Unreviewed
CVE-2022-36168 was published Aug 27, 2022
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in... Low Unreviewed
CVE-2022-27621 was published Aug 4, 2022
Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to... Low Unreviewed
CVE-2022-33690 was published Jul 13, 2022
Path Traversal in XWiki Platform Low
CVE-2022-29253 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 1, 2022
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the... Low Unreviewed
CVE-2021-43264 was published May 24, 2022
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other... Low Unreviewed
CVE-2020-36314 was published May 24, 2022
Kubernetes Secrets Store CSI Driver plugins arbitrary file write Low
CVE-2020-8567 was published for github.com/Azure/secrets-store-csi-driver-provider-azure (Go) May 24, 2022
Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by... Low Unreviewed
CVE-2020-15858 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database