Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,945
Erlang
29
GitHub Actions
16
Go
1,731
Maven
4,961
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

5,678 advisories

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)... High Unreviewed
CVE-2024-37037 was published Jun 12, 2024
parisneo/lollms Local File Inclusion (LFI) attack Critical
CVE-2024-4315 was published for lollms (pip) Jun 12, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2024-35712 was published Jun 10, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2024-35745 was published Jun 10, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2024-35743 was published Jun 10, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2024-35744 was published Jun 10, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2024-35754 was published Jun 10, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2024-35677 was published Jun 10, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2024-35658 was published Jun 10, 2024
Vulnerability discovered by executing a planned security audit. Improper Limitation of a... Critical Unreviewed
CVE-2024-34762 was published Jun 10, 2024
willdurand/js-translation-bundle potential path traversal attack and remote code injection Critical
GHSA-x86x-qhf8-f37w was published for willdurand/js-translation-bundle (Composer) Jun 7, 2024
ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()` High
GHSA-hx3m-959f-v849 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Symlink bypasses filesystem sandbox Low
GHSA-55f3-3qvg-8pv5 was published for wasmer (Rust) Jun 7, 2024
yagehu
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-5481 was published Jun 7, 2024
The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a... High Unreviewed
CVE-2024-5637 was published Jun 7, 2024
A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the... High Unreviewed
CVE-2024-3322 was published Jun 6, 2024
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its... Critical Unreviewed
CVE-2024-3234 was published Jun 6, 2024
A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework,... High Unreviewed
CVE-2024-5187 was published Jun 6, 2024
The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability... Moderate Unreviewed
CVE-2024-23793 was published Jun 6, 2024
Unauthenticated Access to sensitive settings in Argo CD Moderate
CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024
moshikoHassan
NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution... High Unreviewed
CVE-2024-5505 was published Jun 6, 2024
Local file inclusion in gradio High
CVE-2024-4941 was published for gradio (pip) Jun 6, 2024
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would... High Unreviewed
CVE-2024-28995 was published Jun 6, 2024
Arbitrary file read via Playwright's screenshot feature exploiting file wrapper Moderate
CVE-2024-37169 was published for @jmondi/url-to-png (npm) Jun 5, 2024
timoxoszt jasonraimondi
Jan path traversal vulnerability Critical
CVE-2024-37273 was published for @janhq/core (npm) Jun 4, 2024
ProTip! Advisories are also available from the GraphQL API