GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
586 advisories
Filter by severity
DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the...
Critical
Unreviewed
CVE-2024-52771
was published
Nov 20, 2024
Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This...
Critical
Unreviewed
CVE-2023-51639
was published
Nov 22, 2024
Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability...
Critical
Unreviewed
CVE-2023-52333
was published
Nov 22, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of...
Critical
Unreviewed
CVE-2024-11311
was published
Nov 18, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of...
Critical
Unreviewed
CVE-2024-11312
was published
Nov 18, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of...
Critical
Unreviewed
CVE-2024-11313
was published
Nov 18, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of...
Critical
Unreviewed
CVE-2024-11314
was published
Nov 18, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of...
Critical
Unreviewed
CVE-2024-11315
was published
Nov 18, 2024
An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory...
Critical
Unreviewed
CVE-2024-44761
was published
Aug 28, 2024
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due...
Critical
Unreviewed
CVE-2024-11150
was published
Nov 13, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000...
Critical
Unreviewed
CVE-2024-39226
was published
Aug 6, 2024
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected...
Critical
Unreviewed
CVE-2024-46888
was published
Nov 12, 2024
The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is...
Critical
Unreviewed
CVE-2024-10470
was published
Nov 9, 2024
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file...
Critical
Unreviewed
CVE-2024-10625
was published
Nov 9, 2024
Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path...
Critical
Unreviewed
CVE-2024-39332
was published
Oct 31, 2024
An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows...
Critical
Unreviewed
CVE-2024-37847
was published
Oct 25, 2024
A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The...
Critical
Unreviewed
CVE-2024-5982
was published
Oct 29, 2024
Kieback & Peter's DDC4000 series is vulnerable to a path traversal vulnerability, which may allow...
Critical
Unreviewed
CVE-2024-41717
was published
Oct 23, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2024-49286
was published
Oct 20, 2024
A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the...
Critical
Unreviewed
CVE-2024-4320
was published
Jun 6, 2024
A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows...
Critical
Unreviewed
CVE-2024-2362
was published
Jun 6, 2024
parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code...
Critical
Unreviewed
CVE-2024-2360
was published
Jun 6, 2024
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File...
Critical
Unreviewed
CVE-2019-25213
was published
Oct 16, 2024
A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui...
Critical
Unreviewed
CVE-2024-2624
was published
Jun 6, 2024
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up...
Critical
Unreviewed
CVE-2024-9047
was published
Oct 12, 2024
ProTip!
Advisories are also available from the
GraphQL API