Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,809
Erlang
36
GitHub Actions
31
Go
2,393
Maven
5,000+
npm
4,026
NuGet
720
pip
3,818
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

782 advisories

Loading
Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability... Critical Unreviewed
CVE-2023-52333 was published Nov 22, 2024
Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This... Critical Unreviewed
CVE-2023-51639 was published Nov 22, 2024
DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the... Critical Unreviewed
CVE-2024-52771 was published Nov 20, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed
CVE-2024-11312 was published Nov 18, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed
CVE-2024-11315 was published Nov 18, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed
CVE-2024-11314 was published Nov 18, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed
CVE-2024-11311 was published Nov 18, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed
CVE-2024-11313 was published Nov 18, 2024
yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over... Critical Unreviewed
CVE-2024-50648 was published Nov 15, 2024
The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability. Critical Unreviewed
CVE-2024-50649 was published Nov 15, 2024
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due... Critical Unreviewed
CVE-2024-11150 was published Nov 13, 2024
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected... Critical Unreviewed
CVE-2024-46888 was published Nov 12, 2024
The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is... Critical Unreviewed
CVE-2024-10470 was published Nov 9, 2024
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2024-10625 was published Nov 9, 2024
jj vulnerable to path traversal via crafted Git repositories Critical
CVE-2024-51990 was published for jj-lib (Rust) Nov 7, 2024
joernchen yuja
Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path... Critical Unreviewed
CVE-2024-39332 was published Oct 31, 2024
A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The... Critical Unreviewed
CVE-2024-5982 was published Oct 29, 2024
An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows... Critical Unreviewed
CVE-2024-37847 was published Oct 25, 2024
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses Critical
CVE-2024-47883 was published for org.openrefine.dependencies:butterfly (Maven) Oct 24, 2024
Kieback & Peter's DDC4000 series is vulnerable to a path traversal vulnerability, which may allow... Critical Unreviewed
CVE-2024-41717 was published Oct 23, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2024-49286 was published Oct 20, 2024
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File... Critical Unreviewed
CVE-2019-25213 was published Oct 16, 2024
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy Critical
CVE-2024-48914 was published for @vendure/asset-server-plugin (npm) Oct 15, 2024
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up... Critical Unreviewed
CVE-2024-9047 was published Oct 12, 2024
Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs... Critical Unreviewed
CVE-2024-46446 was published Oct 7, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database