GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
702 advisories
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files...
Critical, Unreviewed. CVE-2018-14847 was published May 14, 2022

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory...
Critical, Unreviewed. CVE-2018-5337 was published May 14, 2022

A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion...
Critical, Unreviewed. CVE-2019-9015 was published May 14, 2022

A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/,...
Critical, Unreviewed. CVE-2019-7678 was published May 14, 2022

An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory...
Critical, Unreviewed. CVE-2019-7234 was published May 14, 2022

idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir...
Critical, Unreviewed. CVE-2019-7160 was published May 14, 2022

MailEnable before 8.60 allows Directory Traversal for reading the messages of other users,...
Critical, Unreviewed. CVE-2015-9277 was published May 14, 2022

Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read...
Critical, Unreviewed. CVE-2018-0705 was published May 14, 2022

CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by...
Critical, Unreviewed. CVE-2018-14957 was published May 14, 2022

EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory...
Critical, Unreviewed. CVE-2018-18869 was published May 14, 2022

ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip...
Critical, Unreviewed. CVE-2016-10733 was published May 14, 2022

Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an...
Critical, Unreviewed. CVE-2018-15540 was published May 14, 2022

The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the...
Critical, Unreviewed. CVE-2018-16283 was published May 14, 2022

A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0...
Critical, Unreviewed. CVE-2018-16518 was published May 14, 2022

Citrix XenServer 7.1 and newer allows Directory Traversal.
Critical, Unreviewed. CVE-2018-14007 was published May 14, 2022

A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager ...
Critical, Unreviewed. CVE-2018-10510 was published May 14, 2022

Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that...
Critical, Unreviewed. CVE-2017-12815 was published May 14, 2022

Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2...
Critical, Unreviewed. CVE-2016-6600 was published May 14, 2022

GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0...
Critical, Unreviewed. CVE-2018-14364 was published May 14, 2022

The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as...
Critical, Unreviewed. CVE-2018-14064 was published May 14, 2022

XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../"...
Critical, Unreviewed. CVE-2017-7577 was published May 14, 2022

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file...
Critical, Unreviewed. CVE-2018-12031 was published May 14, 2022

The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script...
Critical, Unreviewed. CVE-2018-11141 was published May 14, 2022

util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. If an...
Critical, Unreviewed. CVE-2018-11248 was published May 14, 2022

On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files...
Critical, Unreviewed. CVE-2018-7539 was published May 14, 2022