GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,259 advisories
Filter by severity
Authenticated mail users, under specific circumstances, could add files with unsanitized content...
High
Unreviewed
CVE-2022-42136
was published
Jan 13, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
High
Unreviewed
CVE-2020-15643
was published
May 24, 2022
An absolute path traversal vulnerability allows a remote attacker to download any file on the...
High
Unreviewed
CVE-2022-25216
was published
Mar 12, 2022
Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa...
High
Unreviewed
CVE-2022-21808
was published
Mar 12, 2022
There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following...
High
Unreviewed
CVE-2022-21177
was published
Mar 12, 2022
The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports...
High
Unreviewed
CVE-2022-22771
was published
Mar 16, 2022
Path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File...
High
Unreviewed
CVE-2021-45010
was published
Mar 16, 2022
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows...
High
Unreviewed
CVE-2022-25249
was published
Mar 17, 2022
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x...
High
Unreviewed
CVE-2022-26500
was published
Mar 18, 2022
Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD#2, as used in Appeon,...
High
Unreviewed
CVE-2011-0497
was published
May 17, 2022
Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla!...
High
Unreviewed
CVE-2010-4719
was published
May 17, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal...
High
Unreviewed
CVE-2022-23347
was published
Mar 22, 2022
An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as...
High
Unreviewed
CVE-2021-45968
was published
Mar 19, 2022
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths...
High
Unreviewed
CVE-2021-27473
was published
Mar 24, 2022
The parsing mechanism that processes certain file types does not provide input sanitization for...
High
Unreviewed
CVE-2021-27471
was published
Mar 24, 2022
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal ...
High
Unreviewed
CVE-2022-25267
was published
Mar 25, 2022
Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. The HTTP Server does...
High
Unreviewed
CVE-2021-44124
was published
Mar 29, 2022
The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as...
High
Unreviewed
CVE-2021-24962
was published
Mar 29, 2022
Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager 15.2.0.11, and possibly...
High
Unreviewed
CVE-2010-4154
was published
May 17, 2022
Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably earlier, allows remote FTP...
High
Unreviewed
CVE-2010-4153
was published
May 17, 2022
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal...
High
Unreviewed
CVE-2022-25347
was published
Mar 30, 2022
The default configuration of the PJL Access value in the File System External Access settings on...
High
Unreviewed
CVE-2010-4107
was published
May 17, 2022
Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3...
High
Unreviewed
CVE-2010-3426
was published
May 17, 2022
Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly earlier, allows remote FTP...
High
Unreviewed
CVE-2010-4148
was published
May 17, 2022
An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits...
High
Unreviewed
CVE-2021-32949
was published
Apr 3, 2022
ProTip!
Advisories are also available from the
GraphQL API