GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
551 advisories
Filter by severity
changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal
High
CVE-2024-56509
was published
for
changedetection.io
(pip)
Dec 27, 2024
Path Traversal in file update API in gogs
High
CVE-2024-55947
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Remote Command Execution in file editing in gogs
High
CVE-2024-54148
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Spring Framework Path Traversal vulnerability
High
CVE-2024-38819
was published
for
org.springframework:spring-webflux
(Maven)
Dec 19, 2024
Spatie Browsershot Directory Traversal vulnerability
High
CVE-2024-21547
was published
for
spatie/browsershot
(Composer)
Dec 18, 2024
python-libarchive directory traversal
High
CVE-2024-55587
was published
for
python-libarchive
(pip)
Dec 12, 2024
SiYuan has an arbitrary file read via /api/template/render
High
CVE-2024-55657
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
SiYuan has an arbitrary file read and path traversal via /api/export/exportResources
High
CVE-2024-55658
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
SiYuan has an arbitrary file write in the host via /api/asset/upload
High
CVE-2024-55659
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
Kubernetes kubelet arbitrary command execution
High
CVE-2024-10220
was published
for
k8s.io/kubernetes
(Go)
Nov 22, 2024
Unpatched Remote Code Execution in Gogs
High
CVE-2024-44625
was published
for
gogs.io/gogs
(Go)
Nov 15, 2024
DotNetZip Directory Traversal vulnerability
High
CVE-2024-48510
was published
for
DotNetZip
(NuGet)
Nov 13, 2024
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI
High
CVE-2024-52293
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
Craft CMS Arbitrary System File Read
High
CVE-2024-52292
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
High
CVE-2024-52291
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
changedetection.io path traversal using file URI scheme without supplying hostname
High
CVE-2024-51998
was published
for
changedetection.io
(pip)
Nov 7, 2024
Moodle has CSRF risk in Feedback non-respondents report
High
CVE-2024-43434
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`)
High
GHSA-82j3-hf72-7x93
was published
for
com.reposilite:reposilite-backend
(Maven)
Nov 4, 2024
Path traversal in oak allows transfer of hidden files within the served root directory
High
CVE-2024-49770
was published
for
@oakserver/oak
(npm)
Nov 1, 2024
Hashicorp Consul Path Traversal vulnerability
High
CVE-2024-10005
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
SQL injection in funadmin
High
CVE-2024-48224
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
OpenRefine has a path traversal in LoadLanguageCommand
High
CVE-2024-49760
was published
for
org.openrefine:openrefine
(Maven)
Oct 24, 2024
Adguard Home arbitrary file read vulnerability
High
CVE-2024-36814
was published
for
github.com/AdguardTeam/AdGuardHome
(Go)
Oct 8, 2024
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
High
CVE-2024-47818
was published
for
@saltcorn/server
(npm)
Oct 7, 2024
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
High
CVE-2024-46977
was published
for
openc3
(RubyGems)
Oct 2, 2024
ProTip!
Advisories are also available from the
GraphQL API