GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,945
Erlang: 29
GitHub Actions: 16
Go: 1,731
Maven: 4,961
npm: 3,493
NuGet: 607
pip: 3,059
Pub: 10
RubyGems: 832
Rust: 778
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+

5,678 advisories

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)...
High | Unreviewed | CVE-2024-37037 was published Jun 12, 2024

parisneo/lollms Local File Inclusion (LFI) attack
Critical | CVE-2024-4315 was published for lollms (pip) Jun 12, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Moderate | Unreviewed | CVE-2024-35712 was published Jun 10, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High | Unreviewed | CVE-2024-35745 was published Jun 10, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High | Unreviewed | CVE-2024-35743 was published Jun 10, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High | Unreviewed | CVE-2024-35744 was published Jun 10, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High | Unreviewed | CVE-2024-35754 was published Jun 10, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical | Unreviewed | CVE-2024-35677 was published Jun 10, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High | Unreviewed | CVE-2024-35658 was published Jun 10, 2024

Vulnerability discovered by executing a planned security audit. Improper Limitation of a...
Critical | Unreviewed | CVE-2024-34762 was published Jun 10, 2024

willdurand/js-translation-bundle potential path traversal attack and remote code injection
Critical | GHSA-x86x-qhf8-f37w was published for willdurand/js-translation-bundle (Composer) Jun 7, 2024

ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()`
High | GHSA-hx3m-959f-v849 was published for zendframework/zendframework1 (Composer) Jun 7, 2024

Symlink bypasses filesystem sandbox
Low | GHSA-55f3-3qvg-8pv5 was published for wasmer (Rust) Jun 7, 2024

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2024-5481 was published Jun 7, 2024

The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a...
High | Unreviewed | CVE-2024-5637 was published Jun 7, 2024

A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the...
High | Unreviewed | CVE-2024-3322 was published Jun 6, 2024

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its...
Critical | Unreviewed | CVE-2024-3234 was published Jun 6, 2024

A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework,...
High | Unreviewed | CVE-2024-5187 was published Jun 6, 2024

The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability...
Moderate | Unreviewed | CVE-2024-23793 was published Jun 6, 2024

Unauthenticated Access to sensitive settings in Argo CD
Moderate | CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024

NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution...
High | Unreviewed | CVE-2024-5505 was published Jun 6, 2024

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would...
High | Unreviewed | CVE-2024-28995 was published Jun 6, 2024

Arbitrary file read via Playwright's screenshot feature exploiting file wrapper
Moderate | CVE-2024-37169 was published for @jmondi/url-to-png (npm) Jun 5, 2024

Jan path traversal vulnerability
Critical | CVE-2024-37273 was published for @janhq/core (npm) Jun 4, 2024

ProTip! Advisories are also available from the GraphQL API