GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,960
Composer 4,279
Erlang 31
GitHub Actions 21
Go 2,056
Maven 5,237
npm 3,740
NuGet 668
pip 3,421
Pub 12
RubyGems 891
Rust 873
Swift 36

Unreviewed advisories

All unreviewed 238,911

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

594 advisories

Filter by severity

Sort by

Least recently updated

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up... Critical Unreviewed

CVE-2024-9047 was published Oct 12, 2024

Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs... Critical Unreviewed

CVE-2024-46446 was published Oct 7, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed

CVE-2024-44014 was published Oct 5, 2024

The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed

CVE-2024-8671 was published Sep 24, 2024

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10... Critical Unreviewed

CVE-2024-33109 was published Sep 19, 2024

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to... Critical Unreviewed

CVE-2024-8963 was published Sep 19, 2024

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the... Critical Unreviewed

CVE-2024-46376 was published Sep 18, 2024

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the... Critical Unreviewed

CVE-2024-46375 was published Sep 18, 2024

The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that... Critical Unreviewed

CVE-2024-8752 was published Sep 16, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed

CVE-2024-7609 was published Sep 11, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed

CVE-2024-6445 was published Sep 6, 2024

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for... Critical Unreviewed

CVE-2024-7950 was published Sep 4, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed

CVE-2024-43955 was published Aug 29, 2024

An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory... Critical Unreviewed

CVE-2024-44761 was published Aug 28, 2024

The product allows user input to control or influence paths or file names that are used in... Critical Unreviewed

CVE-2024-3980 was published Aug 27, 2024

An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0... Critical Unreviewed

CVE-2024-45256 was published Aug 26, 2024

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form &... Critical Unreviewed

CVE-2024-7777 was published Aug 20, 2024

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12... Critical Unreviewed

CVE-2024-7262 was published Aug 15, 2024

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12... Critical Unreviewed

CVE-2024-7263 was published Aug 15, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via... Critical Unreviewed

CVE-2024-21876 was published Aug 12, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability... Critical Unreviewed

CVE-2024-21877 was published Aug 12, 2024

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000... Critical Unreviewed

CVE-2024-39226 was published Aug 6, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed

CVE-2024-39619 was published Aug 1, 2024

The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is... Critical Unreviewed

CVE-2024-40422 was published Jul 24, 2024

LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a... Critical Unreviewed

CVE-2024-41704 was published Jul 22, 2024

Previous 1 2 3 4 5 … 23 24 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

594 advisories