GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
594 advisories
Filter by severity
Using the parameter of getPFXFolderList function, attackers can see the information of...
Critical
Unreviewed
CVE-2020-7882
was published
Nov 23, 2021
An unspecified version of tripexpress is affected by a path manipulation vulnerability in file...
Critical
Unreviewed
CVE-2021-43691
was published
Nov 30, 2021
** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation...
Critical
Unreviewed
CVE-2021-43674
was published
Dec 4, 2021
There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this...
Critical
Unreviewed
CVE-2021-37099
was published
Dec 8, 2021
There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this...
Critical
Unreviewed
CVE-2021-37088
was published
Dec 8, 2021
There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this...
Critical
Unreviewed
CVE-2021-37087
was published
Dec 8, 2021
There is a Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei...
Critical
Unreviewed
CVE-2021-37064
was published
Dec 8, 2021
Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted...
Critical
Unreviewed
CVE-2021-31746
was published
Dec 11, 2021
A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix...
Critical
Unreviewed
CVE-2021-21894
was published
Dec 23, 2021
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily...
Critical
Unreviewed
CVE-2020-20944
was published
Dec 28, 2021
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due...
Critical
Unreviewed
CVE-2021-45427
was published
Dec 31, 2021
HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability...
Critical
Unreviewed
CVE-2021-37128
was published
Jan 4, 2022
A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an...
Critical
Unreviewed
CVE-2020-17383
was published
Jan 25, 2022
The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive...
Critical
Unreviewed
CVE-2021-23520
was published
Feb 1, 2022
The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise...
Critical
Unreviewed
CVE-2022-0320
was published
Feb 2, 2022
mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter...
Critical
Unreviewed
CVE-2022-23357
was published
Feb 8, 2022
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that...
Critical
Unreviewed
CVE-2022-24312
was published
Feb 11, 2022
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that...
Critical
Unreviewed
CVE-2022-24311
was published
Feb 11, 2022
Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an...
Critical
Unreviewed
CVE-2020-14523
was published
Feb 12, 2022
IBM Planning Analytics 2.0 and IBM Planning Analytics Workspace 2.0 DQM API allows submitting of...
Critical
Unreviewed
CVE-2021-38892
was published
Feb 12, 2022
An path traversal vulnerability leading to delete arbitrary files was discovered in BigFileAgent....
Critical
Unreviewed
CVE-2021-26619
was published
Feb 19, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet...
Critical
Unreviewed
CVE-2021-42854
was published
Mar 11, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)...
Critical
Unreviewed
CVE-2021-42787
was published
Mar 11, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)...
Critical
Unreviewed
CVE-2021-42853
was published
Mar 11, 2022
An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private...
Critical
Unreviewed
CVE-2021-45887
was published
Mar 14, 2022
ProTip!
Advisories are also available from the
GraphQL API