GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,972
Composer 4,285
Erlang 31
GitHub Actions 21
Go 2,056
Maven 5,238
npm 3,741
NuGet 668
pip 3,422
Pub 12
RubyGems 892
Rust 875
Swift 36

Unreviewed advisories

All unreviewed 239,197

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

594 advisories

Filter by severity

Sort by

Least recently updated

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal... Critical Unreviewed

CVE-2017-17739 was published May 14, 2022

Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal... Critical Unreviewed

CVE-2017-17992 was published May 14, 2022

An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted... Critical Unreviewed

CVE-2018-5997 was published May 14, 2022

A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22... Critical Unreviewed

CVE-2017-8947 was published May 14, 2022

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block ... Critical Unreviewed

CVE-2018-7442 was published May 14, 2022

An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any... Critical Unreviewed

CVE-2018-8712 was published May 14, 2022

A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor... Critical Unreviewed

CVE-2016-8205 was published May 14, 2022

On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files... Critical Unreviewed

CVE-2018-7539 was published May 14, 2022

util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. If an... Critical Unreviewed

CVE-2018-11248 was published May 14, 2022

The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script... Critical Unreviewed

CVE-2018-11141 was published May 14, 2022

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file... Critical Unreviewed

CVE-2018-12031 was published May 14, 2022

XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../"... Critical Unreviewed

CVE-2017-7577 was published May 14, 2022

The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as... Critical Unreviewed

CVE-2018-14064 was published May 14, 2022

GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0... Critical Unreviewed

CVE-2018-14364 was published May 14, 2022

Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2... Critical Unreviewed

CVE-2016-6600 was published May 14, 2022

Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that... Critical Unreviewed

CVE-2017-12815 was published May 14, 2022

A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager ... Critical Unreviewed

CVE-2018-10510 was published May 14, 2022

Citrix XenServer 7.1 and newer allows Directory Traversal. Critical Unreviewed

CVE-2018-14007 was published May 14, 2022

A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0... Critical Unreviewed

CVE-2018-16518 was published May 14, 2022

The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the... Critical Unreviewed

CVE-2018-16283 was published May 14, 2022

Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an... Critical Unreviewed

CVE-2018-15540 was published May 14, 2022

ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip... Critical Unreviewed

CVE-2016-10733 was published May 14, 2022

EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory... Critical Unreviewed

CVE-2018-18869 was published May 14, 2022

CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by... Critical Unreviewed

CVE-2018-14957 was published May 14, 2022

Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read... Critical Unreviewed

CVE-2018-0705 was published May 14, 2022

Previous 1 2 … 18 19 20 21 22 23 24 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

594 advisories