GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
702 advisories
Filter by severity
Directory traversal vulnerability in RubyZip
Critical
CVE-2017-5946
was published
for
rubyzip
(RubyGems)
Oct 24, 2017
Diffoscope may write to arbitrary locations due to an untrusted archive
Critical
CVE-2017-0359
was published
for
diffoscope
(pip)
Jul 13, 2018
Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location
Critical
CVE-2018-12542
was published
for
io.vertx:vertx-web
(Maven)
Oct 17, 2018
Arbitrary file write in actionpack-page_caching gem
Critical
CVE-2020-8159
was published
for
actionpack-page_caching
(RubyGems)
May 13, 2020
Path Traversal in swagger-injector
Critical
GHSA-v4x8-gw49-7hv4
was published
for
swagger-injector
(npm)
Sep 3, 2020
Path Traversal in @wturyn/swagger-injector
Critical
GHSA-4x7w-frcq-v4m3
was published
for
@wturyn/swagger-injector
(npm)
Sep 3, 2020
Arbitrary File Write in iobroker.admin
Critical
CVE-2019-10765
was published
for
iobroker.admin
(npm)
Sep 4, 2020
Path traversal in rollup-plugin-serve
Critical
CVE-2020-7684
was published
for
rollup-plugin-serve
(npm)
May 18, 2021
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Critical
CVE-2021-32682
was published
for
studio-42/elfinder
(Composer)
Jun 16, 2021
Path Traversal in Dutchcoders transfer.sh
Critical
CVE-2021-33497
was published
for
github.com/dutchcoders/transfer.sh
(Go)
Jun 29, 2021
Tarslip in go-unarr
Critical
CVE-2021-38197
was published
for
github.com/gen2brain/go-unarr
(Go)
Sep 1, 2021
Remote code execution in UReport
Critical
CVE-2020-21125
was published
for
com.bstek.ureport:ureport2-core
(Maven)
Sep 20, 2021
Directory Traversal in typo3/phar-stream-wrapper
Critical
CVE-2019-11831
was published
for
drupal/core
(Composer)
Sep 30, 2021
Using the parameter of getPFXFolderList function, attackers can see the information of...
Critical
Unreviewed
CVE-2020-7882
was published
Nov 23, 2021
Arbitrary file reading vulnerability in Aim
Critical
CVE-2021-43775
was published
for
aim
(pip)
Nov 23, 2021
An unspecified version of tripexpress is affected by a path manipulation vulnerability in file...
Critical
Unreviewed
CVE-2021-43691
was published
Nov 30, 2021
** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation...
Critical
Unreviewed
CVE-2021-43674
was published
Dec 4, 2021
Path manipulation in matyhtf/framework
Critical
CVE-2021-43676
was published
for
matyhtf/framework
(Composer)
Dec 4, 2021
ProTip!
Advisories are also available from the
GraphQL API