Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

555 advisories

Loading
Using the parameter of getPFXFolderList function, attackers can see the information of... Critical Unreviewed
CVE-2020-7882 was published Nov 23, 2021
An unspecified version of tripexpress is affected by a path manipulation vulnerability in file... Critical Unreviewed
CVE-2021-43691 was published Nov 30, 2021
** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation... Critical Unreviewed
CVE-2021-43674 was published Dec 4, 2021
There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this... Critical Unreviewed
CVE-2021-37099 was published Dec 8, 2021
There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this... Critical Unreviewed
CVE-2021-37088 was published Dec 8, 2021
There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this... Critical Unreviewed
CVE-2021-37087 was published Dec 8, 2021
There is a Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei... Critical Unreviewed
CVE-2021-37064 was published Dec 8, 2021
Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted... Critical Unreviewed
CVE-2021-31746 was published Dec 11, 2021
A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix... Critical Unreviewed
CVE-2021-21894 was published Dec 23, 2021
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily... Critical Unreviewed
CVE-2020-20944 was published Dec 28, 2021
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due... Critical Unreviewed
CVE-2021-45427 was published Dec 31, 2021
HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability... Critical Unreviewed
CVE-2021-37128 was published Jan 4, 2022
A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an... Critical Unreviewed
CVE-2020-17383 was published Jan 25, 2022
The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive... Critical Unreviewed
CVE-2021-23520 was published Feb 1, 2022
The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise... Critical Unreviewed
CVE-2022-0320 was published Feb 2, 2022
mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter... Critical Unreviewed
CVE-2022-23357 was published Feb 8, 2022
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that... Critical Unreviewed
CVE-2022-24312 was published Feb 11, 2022
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that... Critical Unreviewed
CVE-2022-24311 was published Feb 11, 2022
Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an... Critical Unreviewed
CVE-2020-14523 was published Feb 12, 2022
IBM Planning Analytics 2.0 and IBM Planning Analytics Workspace 2.0 DQM API allows submitting of... Critical Unreviewed
CVE-2021-38892 was published Feb 12, 2022
An path traversal vulnerability leading to delete arbitrary files was discovered in BigFileAgent.... Critical Unreviewed
CVE-2021-26619 was published Feb 19, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet... Critical Unreviewed
CVE-2021-42854 was published Mar 11, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)... Critical Unreviewed
CVE-2021-42853 was published Mar 11, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)... Critical Unreviewed
CVE-2021-42787 was published Mar 11, 2022
An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private... Critical Unreviewed
CVE-2021-45887 was published Mar 14, 2022
ProTip! Advisories are also available from the GraphQL API