GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+

6,014 advisories

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Moderate | Unreviewed | CVE-2024-43957 was published Aug 29, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical | Unreviewed | CVE-2024-43955 was published Aug 29, 2024

A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this...
Moderate | Unreviewed | CVE-2024-8304 was published Aug 29, 2024

Ollama can extract members of a ZIP archive outside of the parent directory
High | CVE-2024-45436 was published for github.com/ollama/ollama (Go) Aug 29, 2024

An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory...
Critical | Unreviewed | CVE-2024-44761 was published Aug 28, 2024

In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a...
Moderate | Unreviewed | CVE-2024-7744 was published Aug 28, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Moderate | Unreviewed | CVE-2024-4556 was published Aug 28, 2024

A path traversal vulnerability exists in the Xiaomi File Manager application product...
Moderate | Unreviewed | CVE-2023-26321 was published Aug 28, 2024

The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all...
Moderate | Unreviewed | CVE-2024-6312 was published Aug 28, 2024

The product allows user input to control or influence paths or file names that are used in...
Critical | Unreviewed | CVE-2024-3980 was published Aug 27, 2024

A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 allows...
High | Unreviewed | CVE-2024-6789 was published Aug 27, 2024

A vulnerability, which was classified as problematic, was found in Chengdu Everbrite Network...
Moderate | Unreviewed | CVE-2024-8165 was published Aug 26, 2024

A vulnerability classified as critical was found in Chengdu Everbrite Network Technology...
Moderate | Unreviewed | CVE-2024-8163 was published Aug 26, 2024

unzip-stream allows Arbitrary File Write via artifact extraction
High | GHSA-6jrj-vc65-c983 was published for unzip-stream (npm) Aug 26, 2024

An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0...
Critical | Unreviewed | CVE-2024-45256 was published Aug 26, 2024

A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management)...
High | Unreviewed | CVE-2024-45241 was published Aug 26, 2024

Mage AI Path Traversal vulnerability
Moderate | CVE-2024-45188 was published for mage-ai (pip) Aug 23, 2024

Mage AI Path Traversal vulnerability
Moderate | CVE-2024-45189 was published for mage-ai (pip) Aug 23, 2024

Python Pip Pandas v2.2.2 was discovered to contain an arbitrary file read vulnerability.
High | Unreviewed | CVE-2024-42992 was published Aug 23, 2024

Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all version through...
Moderate | Unreviewed | CVE-2023-7260 was published Aug 22, 2024

NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the...
Moderate | Unreviewed | CVE-2024-7634 was published Aug 22, 2024

An issue in the downloader.php component of TOSEI online store management system v4.02, v4.03,...
High | Unreviewed | CVE-2024-43022 was published Aug 21, 2024

Windscribe Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability...
High | Unreviewed | CVE-2024-6141 was published Aug 21, 2024

Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File...
High | Unreviewed | CVE-2024-7601 was published Aug 21, 2024

Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This...
Moderate | Unreviewed | CVE-2024-7602 was published Aug 21, 2024

ProTip! Advisories are also available from the GraphQL API