Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,762
NuGet
678
pip
3,447
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

713 advisories

Loading
Path Traversal in ImpressCMS Critical
CVE-2022-24977 was published for impresscms/impresscms (Composer) Feb 15, 2022
An path traversal vulnerability leading to delete arbitrary files was discovered in BigFileAgent.... Critical Unreviewed
CVE-2021-26619 was published Feb 19, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet... Critical Unreviewed
CVE-2021-42854 was published Mar 11, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)... Critical Unreviewed
CVE-2021-42787 was published Mar 11, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)... Critical Unreviewed
CVE-2021-42853 was published Mar 11, 2022
An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private... Critical Unreviewed
CVE-2021-45887 was published Mar 14, 2022
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7. Critical Unreviewed
CVE-2022-1000 was published Mar 18, 2022
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer... Critical Unreviewed
CVE-2020-25176 was published Mar 19, 2022
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between... Critical Unreviewed
CVE-2021-45967 was published Mar 19, 2022
Path Traversal in Studio-42 elFinder through 2.1.60 Critical
CVE-2022-26960 was published for studio-42/elfinder (Composer) Mar 22, 2022
The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path... Critical Unreviewed
CVE-2022-0679 was published Mar 29, 2022
Path traversal in Hadoop Critical
CVE-2022-26612 was published for org.apache.hadoop:hadoop-common (Maven) Apr 8, 2022
Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which... Critical Unreviewed
CVE-2021-36288 was published Apr 9, 2022
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain... Critical Unreviewed
CVE-2022-27277 was published Apr 11, 2022
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')... Critical Unreviewed
CVE-2021-22794 was published Apr 14, 2022
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes... Critical Unreviewed
CVE-2021-43741 was published Apr 14, 2022
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a... Critical Unreviewed
CVE-2021-43290 was published Apr 15, 2022
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. This... Critical Unreviewed
CVE-2022-29464 was published Apr 20, 2022
ytnef has directory traversal Critical Unreviewed
CVE-2009-3887 was published Apr 21, 2022
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter... Critical Unreviewed
CVE-2022-1390 was published Apr 26, 2022
The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter... Critical Unreviewed
CVE-2022-1391 was published Apr 26, 2022
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Critical Unreviewed
CVE-2022-29806 was published Apr 27, 2022
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360... Critical Unreviewed
CVE-2022-29081 was published Apr 29, 2022
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass... Critical Unreviewed
CVE-2004-0847 was published Apr 29, 2022
PEAR::Archive_Tar Directory Traversal vulnerability Critical
CVE-2006-0931 was published for pear/archive_tar (Composer) May 1, 2022
Rudloff
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database