GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
692 advisories
Filter by severity
Path Traversal in @wturyn/swagger-injector
Critical
GHSA-4x7w-frcq-v4m3
was published
for
@wturyn/swagger-injector
(npm)
Sep 3, 2020
Path Traversal in swagger-injector
Critical
GHSA-v4x8-gw49-7hv4
was published
for
swagger-injector
(npm)
Sep 3, 2020
Arbitrary File Write in iobroker.admin
Critical
CVE-2019-10765
was published
for
iobroker.admin
(npm)
Sep 4, 2020
nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to...
Critical
Unreviewed
CVE-2022-48253
was published
Jan 11, 2023
The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to...
Critical
Unreviewed
CVE-2022-4101
was published
Jan 16, 2023
Keycloak vulnerable to path traversal via double URL encoding
Critical
CVE-2022-3782
was published
for
org.keycloak:keycloak-parent
(Maven)
Dec 13, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet...
Critical
Unreviewed
CVE-2021-42854
was published
Mar 11, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)...
Critical
Unreviewed
CVE-2021-42853
was published
Mar 11, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)...
Critical
Unreviewed
CVE-2021-42787
was published
Mar 11, 2022
An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private...
Critical
Unreviewed
CVE-2021-45887
was published
Mar 14, 2022
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.
Critical
Unreviewed
CVE-2022-1000
was published
Mar 18, 2022
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer...
Critical
Unreviewed
CVE-2020-25176
was published
Mar 19, 2022
The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path...
Critical
Unreviewed
CVE-2022-0679
was published
Mar 29, 2022
Path traversal in Hadoop
Critical
CVE-2022-26612
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Apr 8, 2022
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain...
Critical
Unreviewed
CVE-2022-27277
was published
Apr 11, 2022
Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which...
Critical
Unreviewed
CVE-2021-36288
was published
Apr 9, 2022
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')...
Critical
Unreviewed
CVE-2021-22794
was published
Apr 14, 2022
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes...
Critical
Unreviewed
CVE-2021-43741
was published
Apr 14, 2022
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a...
Critical
Unreviewed
CVE-2021-43290
was published
Apr 15, 2022
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter...
Critical
Unreviewed
CVE-2022-1390
was published
Apr 26, 2022
Neo4j Graph Database vulnerable to Path Traversal
Critical
CVE-2021-42767
was published
for
org.neo4j.procedure:apoc
(Maven)
Feb 1, 2022
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL...
Critical
Unreviewed
CVE-2014-4650
was published
May 17, 2022
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for...
Critical
Unreviewed
CVE-2019-9948
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API