Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,358
Maven
5,000+
npm
3,979
NuGet
720
pip
3,777
Pub
12
RubyGems
924
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

25 advisories

Loading
Path traversal in elFinder.NetCore High
CVE-2021-23428 was published for elFinder.NetCore (NuGet) Sep 2, 2021
Improper Limitation of a Pathname to a Restricted Directory in SharpZipLib Moderate
CVE-2018-1002208 was published for SharpZipLib (NuGet) May 13, 2022
DNN vulnerable to Relative Path Traversal Moderate
CVE-2022-2922 was published for DotNetNuke.Core (NuGet) Oct 1, 2022
Authenticated path traversal in Umbraco CMS Moderate
CVE-2020-5811 was published for UmbracoCms (NuGet) Apr 13, 2021
Directory Traversal in elFinder.AspNet High
CVE-2021-23415 was published for elFinder.AspNet (NuGet) Aug 9, 2021
Path Traversal in elFinder.Net.Core High
CVE-2021-23407 was published for elFinder.Net.Core (NuGet) Aug 2, 2021
Path Traversal in SharpZipLib High
CVE-2021-32840 was published for SharpZipLib (NuGet) Feb 1, 2022
Path Traversal in SharpZipLib Moderate
CVE-2021-32841 was published for SharpZipLib (NuGet) Feb 1, 2022
Path Traversal in SharpZipLib Moderate
CVE-2021-32842 was published for SharpZipLib (NuGet) Feb 1, 2022
Directory Traversal in SharpCompress Moderate
CVE-2018-1002206 was published for sharpcompress (NuGet) Sep 11, 2019
geoffodonnell
DNN Path Traversal via Zip Slip High
CVE-2020-5187 was published for DotNetNuke.Core (NuGet) May 24, 2022
CoreFTP Directory Traversal Moderate
CVE-2019-9648 was published for CoreFtp (NuGet) May 14, 2022
Directory traversal + file write causing arbitrary code execution High
CVE-2023-30626 was published for Jellyfin.Controller (NuGet) Apr 24, 2023
theGEBIRGE
Path Traversal: 'dir/../../filename' in moment.locale High
CVE-2022-24785 was published for Moment.js (npm) Apr 4, 2022
CuteSoft CuteEditor Path Traversal vulnerability Moderate
CVE-2009-4665 was published for CuteEditor (NuGet) May 2, 2022
Partial path traversal in sharpcompress Moderate
CVE-2021-39208 was published for sharpcompress (NuGet) Sep 20, 2021
JarLob geoffodonnell
tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users High
CVE-2024-41799 was published for Tgstation.Server.Api (NuGet) Jul 29, 2024
SandPoot Cyberboss
CLSA Directory Traversal vulnerability Critical
CVE-2024-28698 was published for Csla (NuGet) Jul 22, 2024
rockfordlhotka
Using the directory back payload (“/../”) in a package name allows placement of package in other folders. Low
CVE-2023-49089 was published for Umbraco.CMS (NuGet) Dec 13, 2023
mjalt96
MPXJ has a Potential Path Traversal Vulnerability Moderate
CVE-2024-49771 was published for MPXJ.Net (RubyGems) Oct 28, 2024
DotNetZip Directory Traversal vulnerability High
CVE-2024-48510 was published for DotNetZip (NuGet) Nov 13, 2024
Foorcee
Blogifier does not properly restrict APIs Critical
CVE-2019-12277 was published for Blogifier.Core (NuGet) May 24, 2022
Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users High
CVE-2025-32017 was published for Umbraco.Cms (NuGet) Apr 9, 2025
ggisz
DotNetZip Zip-Slip Vulnerability Moderate
CVE-2018-1002205 was published for DotNetZip (NuGet) Oct 16, 2018
DotVVM allows path traversal when deployed in Debug mode High
GHSA-6q65-j4jw-9cg8 was published for DotVVM (NuGet) Jun 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database