Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

45 advisories

Loading
Contao affected by directory traversal in the file selector widget Moderate
CVE-2024-45604 was published for contao/core-bundle (Composer) Sep 17, 2024
usdResponsibleDisclosure
czim/file-handling vulnerable to SSRF and directory traversal Moderate
CVE-2024-47049 was published for czim/file-handling (Composer) Sep 17, 2024
Magento Open Source Path Traversal vulnerability Moderate
CVE-2024-39406 was published for magento/community-edition (Composer) Aug 14, 2024
ICEcoder Path Traversal vulnerability Moderate
CVE-2024-41373 was published for icecoder/icecoder (Composer) Jul 26, 2024
Twig Path Traversal vulnerability in the filesystem loader Moderate
GHSA-7cvr-xhm5-x998 was published for twig/twig (Composer) May 30, 2024
Magento Insecure Direct Object Reference (IDOR) vulnerability Moderate
CVE-2019-7925 was published for magento/community-edition (Composer) May 24, 2022
Contao Core directory traversal vulnerability Moderate
CVE-2015-0269 was published for contao/core (Composer) May 17, 2022
TYPO3 Directory Traversal on ZIP extraction Moderate
CVE-2019-19848 was published for typo3/cms (Composer) May 24, 2022
Grav CMS Local File Injection Moderate
CVE-2020-29556 was published for getgrav/grav (Composer) May 24, 2022
phpMyAdmin Arbitrary file read vulnerability Moderate
CVE-2019-6799 was published for phpmyadmin/phpmyadmin (Composer) May 13, 2022
OpenCart Path Traversal Moderate
CVE-2018-11495 was published for opencart/opencart (Composer) May 14, 2022
Path disclosure in JavaScript variable Moderate
CVE-2024-26129 was published for prestashop/prestashop (Composer) Feb 21, 2024
hugo-fasone matks
Path Traversal in TYPO3 File Abstraction Layer Storages Moderate
CVE-2023-30451 was published for typo3/cms-core (Composer) Feb 13, 2024
ohader bnf
Duplicate Advisory: TYPO3 Arbitrary File Read via Directory Traversal Moderate
GHSA-3gjc-mp82-fj4q was published for typo3/cms-core (Composer) Dec 25, 2023 withdrawn
Smarty Path Traversal Vulnerability Moderate
CVE-2018-16831 was published for smarty/smarty (Composer) May 14, 2022
Ocramius
SabreDAV Directory Traversal vulnerability Moderate
CVE-2013-1939 was published for sabre/dav (Composer) May 14, 2022
browsershot local file inclusion vulnerability Moderate
CVE-2020-7790 was published for spatie/browsershot (Composer) May 24, 2022
Moodle directory traversal vulnerability Moderate
CVE-2015-1493 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
phpMyAdmin Directory Traversal Vulnerability Moderate
CVE-2011-2718 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
ForkCMS Directory Traversal vulnerability Moderate
CVE-2012-1207 was published for forkcms/forkcms (Composer) May 17, 2022
Magento Path Traversal vulnerability Moderate
CVE-2021-28584 was published for magento/community-edition (Composer) May 24, 2022
Magento path traversal vulnerability Moderate
CVE-2020-9689 was published for magento/community-edition (Composer) May 24, 2022
Magento Path Traversal Moderate
CVE-2020-3717 was published for magento/community-edition (Composer) May 24, 2022
Potential URI resolution path traversal in the AWS SDK for PHP Moderate
CVE-2023-51651 was published for aws/aws-sdk-php (Composer) Dec 21, 2023
arkark
MAGMI plugin for Magento Server Directory Traversal Moderate
CVE-2015-2067 was published for dweeves/magmi (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API