GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

542 advisories

Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion High
CVE-2023-46654 was published for org.jenkins-ci.plugins:electricflow (Maven) Oct 25, 2023
Parse Server may crash when uploading file without extension High
CVE-2023-46119 was published for parse-server (npm) Oct 24, 2023
chriscborg mtrezza
Yamcs Path Traversal vulnerability High
CVE-2023-45277 was published for org.yamcs:yamcs (Maven) Oct 19, 2023
Artifact Hub arbitrary file read vulnerability High
CVE-2023-45823 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
dejanzelic
Arduino Create Agent path traversal - local privilege escalation vulnerability High
CVE-2023-43802 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84
static-server Path Traversal vulnerability High
CVE-2023-26152 was published for static-server (npm) Oct 3, 2023
OpenCart Path Traversal vulnerability High
CVE-2023-2315 was published for opencart/opencart (Composer) Sep 27, 2023
plexus-codehaus vulnerable to directory traversal High
CVE-2022-4244 was published for org.codehaus.plexus:plexus-utils (Maven) Sep 25, 2023
Cecil Path Traversal vulnerability High
CVE-2023-4914 was published for cecil/cecil (Composer) Sep 12, 2023
Jeecg boot arbitrary file read vulnerability High
CVE-2023-41578 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Sep 8, 2023
Path traversal in Zip Swift High
CVE-2023-39135 was published for github.com/marmelroy/Zip (Swift) Aug 31, 2023
Path traversal in ZIPFoundation High
CVE-2023-39138 was published for github.com/weichsel/ZIPFoundation (Swift) Aug 31, 2023
weichsel
Path traversal in Archive High
CVE-2023-39139 was published for archive (Pub) Aug 31, 2023
kj415j45 jonasfj
pf4j vulnerable to remote code execution via the zippluginPath parameter High
CVE-2023-40826 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
pf4j vulnerable to remote code execution via loadpluginPath parameter High
CVE-2023-40827 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
pf4j vulnerable to remote code execution via expandIfZip method in the extract function High
CVE-2023-40828 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
webui-aria2 Path Traversal vulnerability High
CVE-2023-39141 was published for webui-aria2 (npm) Aug 22, 2023
JafarAkhondali
zola Path Traversal vulnerability High
CVE-2023-40274 was published for zola (Rust) Aug 14, 2023
1Panel O&M management panel has a background arbitrary file reading vulnerability High
CVE-2023-39964 was published for github.com/1Panel-dev/1Panel (Go) Aug 10, 2023
darkfive2022
Nuclei Path Traversal vulnerability High
CVE-2023-37896 was published for github.com/projectdiscovery/nuclei (Go) Aug 4, 2023
Arbitrary File Creation in AbstractUnArchiver High
CVE-2023-37460 was published for org.codehaus.plexus:plexus-archiver (Maven) Jul 25, 2023
uriyay-jfrog
rswag vulnerable to arbitrary JSON and YAML file read via directory traversal High
CVE-2023-38337 was published for rswag (RubyGems) Jul 15, 2023
copyparty vulnerable to path traversal attack High
CVE-2023-37474 was published for copyparty (pip) Jul 14, 2023
TheHackyDog
Apache Airflow Path Traversal vulnerability High
CVE-2023-22887 was published for apache-airflow (pip) Jul 12, 2023
sunSUNQ
ethyca-fides Webserver API Path Traversal vulnerability High
CVE-2023-36827 was published for ethyca-fides (pip) Jul 6, 2023
daveqnet