GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
707 advisories
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior,...
Critical | Unreviewed | CVE-2018-10589 was published May 13, 2022

Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an...
Critical | Unreviewed | CVE-2018-14806 was published May 13, 2022

NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname...
Critical | Unreviewed | CVE-2018-17934 was published May 13, 2022

X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack...
Critical | Unreviewed | CVE-2018-3822 was published May 13, 2022

Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG...
Critical | Unreviewed | CVE-2018-6677 was published May 13, 2022

A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions...
Critical | Unreviewed | CVE-2016-8204 was published May 13, 2022

util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An attacker can execute...
Critical | Unreviewed | CVE-2019-9195 was published May 13, 2022

Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component,...
Critical | Unreviewed | CVE-2018-16836 was published May 13, 2022

Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method...
Critical | Unreviewed | CVE-2018-7300 was published May 13, 2022

Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin
Critical | Unreviewed | CVE-2016-1000112 was published May 13, 2022

LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.
Critical | Unreviewed | CVE-2018-19328 was published May 13, 2022

Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows...
Critical | Unreviewed | CVE-2017-6821 was published May 13, 2022

rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby...
Critical | Unreviewed | CVE-2017-1000047 was published May 13, 2022

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the ...
Critical | Unreviewed | CVE-2017-1000501 was published May 13, 2022

The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal...
Critical | Unreviewed | CVE-2018-1000550 was published May 13, 2022

vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call...
Critical | Unreviewed | CVE-2017-17671 was published May 13, 2022

The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1...
Critical | Unreviewed | CVE-2019-9960 was published May 13, 2022

An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk...
Critical | Unreviewed | CVE-2019-8395 was published May 13, 2022

An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the...
Critical | Unreviewed | CVE-2019-1010257 was published May 13, 2022

In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a...
Critical | Unreviewed | CVE-2018-16367 was published May 13, 2022

The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly...
Critical | Unreviewed | CVE-2015-9266 was published May 13, 2022

Directory Traversal in Studio 42 elFinder
Critical | CVE-2018-9110 was published for studio-42/elfinder (Composer) May 13, 2022

elFinder Path Traversal vulnerability
Critical | CVE-2018-9109 was published for studio-42/elfinder (Composer) May 13, 2022

Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before...
Critical | Unreviewed | CVE-2016-6269 was published May 13, 2022

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed...
Critical | Unreviewed | CVE-2019-3396 was published May 13, 2022