GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
594 advisories
Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote...
Critical | Unreviewed | CVE-2020-5639 was published May 24, 2022
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute...
Critical | Unreviewed | CVE-2020-27730 was published May 24, 2022
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated...
Critical | Unreviewed | CVE-2020-26837 was published May 24, 2022
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it...
Critical | Unreviewed | CVE-2020-29600 was published May 24, 2022
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions...
Critical | Unreviewed | CVE-2020-8271 was published May 24, 2022
Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to...
Critical | Unreviewed | CVE-2020-12315 was published May 24, 2022
Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of...
Critical | Unreviewed | CVE-2020-27160 was published May 24, 2022
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and...
Critical | Unreviewed | CVE-2020-9920 was published May 24, 2022
The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path...
Critical | Unreviewed | CVE-2020-7376 was published May 24, 2022
An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory...
Critical | Unreviewed | CVE-2020-10564 was published May 24, 2022
SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...
Critical | Unreviewed | CVE-2020-6203 was published May 24, 2022
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and...
Critical | Unreviewed | CVE-2019-19790 was published May 24, 2022
Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246.
Critical | Unreviewed | CVE-2019-15931 was published May 24, 2022
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by...
Critical | Unreviewed | CVE-2019-13551 was published May 24, 2022
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free...
Critical | Unreviewed | CVE-2019-18189 was published May 24, 2022
A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8...
Critical | Unreviewed | CVE-2019-14450 was published May 24, 2022
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for...
Critical | Unreviewed | CVE-2019-9948 was published May 24, 2022
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server...
Critical | Unreviewed | CVE-2019-17662 was published May 24, 2022
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an...
Critical | Unreviewed | CVE-2019-16278 was published May 24, 2022
The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment.
Critical | Unreviewed | CVE-2019-17399 was published May 24, 2022
An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the...
Critical | Unreviewed | CVE-2019-16915 was published May 24, 2022
emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action...
Critical | Unreviewed | CVE-2019-16868 was published May 24, 2022
An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the...
Critical | Unreviewed | CVE-2019-14914 was published May 24, 2022
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x...
Critical | Unreviewed | CVE-2019-10197 was published May 24, 2022
The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory...
Critical | Unreviewed | CVE-2019-15822 was published May 24, 2022