GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,285
Erlang: 31
GitHub Actions: 21
Go: 2,056
Maven: 5,000+
npm: 3,741
NuGet: 668
pip: 3,422
Pub: 12
RubyGems: 892
Rust: 875
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
594 advisories
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s...
Critical | Unreviewed | CVE-2022-3184 was published Jul 6, 2023
Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s...
Critical | Unreviewed | CVE-2022-22128 was published Jul 6, 2023
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the...
Critical | Unreviewed | CVE-2023-34598 was published Jun 29, 2023
Directory traversal vulnerability in Snow Monkey Forms versions v5.1.0 and earlier allows a...
Critical | Unreviewed | CVE-2023-32623 was published Jun 28, 2023
Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to...
Critical | Unreviewed | CVE-2020-19902 was published Jun 27, 2023
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow...
Critical | Unreviewed | CVE-2023-32557 was published Jun 27, 2023
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2...
Critical | Unreviewed | CVE-2023-30945 was published Jun 27, 2023
A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8...
Critical | Unreviewed | CVE-2023-32521 was published Jun 27, 2023
Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE...
Critical | Unreviewed | CVE-2023-34939 was published Jun 22, 2023
cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the...
Critical | Unreviewed | CVE-2023-34880 was published Jun 15, 2023
Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename...
Critical | Unreviewed | CVE-2023-34865 was published Jun 14, 2023
The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to...
Critical | Unreviewed | CVE-2023-2278 was published Jun 13, 2023
AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download...
Critical | Unreviewed | CVE-2023-34342 was published Jun 12, 2023
The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in...
Critical | Unreviewed | CVE-2020-36728 was published Jun 7, 2023
In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in...
Critical | Unreviewed | CVE-2023-34409 was published Jun 6, 2023
Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows...
Critical | Unreviewed | CVE-2023-29736 was published Jun 1, 2023
EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond...
Critical | Unreviewed | CVE-2023-2909 was published May 31, 2023
Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with...
Critical | Unreviewed | CVE-2022-47526 was published May 31, 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code...
Critical | Unreviewed | CVE-2022-24629 was published May 29, 2023
Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a...
Critical | Unreviewed | CVE-2023-28413 was published May 23, 2023
Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote...
Critical | Unreviewed | CVE-2023-28408 was published May 23, 2023
MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the...
Critical | Unreviewed | CVE-2023-27507 was published May 23, 2023
WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control.
Critical | Unreviewed | CVE-2020-20012 was published May 23, 2023
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that...
Critical | Unreviewed | CVE-2022-36327 was published May 18, 2023
CLTPHP <=6.0 is vulnerable to Improper Input Validation.
Critical | Unreviewed | CVE-2023-30268 was published May 4, 2023
ProTip! Advisories are also available from the GraphQL API.