GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,239
Erlang: 31
GitHub Actions: 21
Go: 2,007
Maven: 5,000+
npm: 3,716
NuGet: 662
pip: 3,388
Pub: 11
RubyGems: 885
Rust: 851
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
115 advisories

Path Traversal within joomla/archive zip class
Moderate | CVE-2021-26028 was published for joomla/archive (Composer) | Mar 24, 2021

Path Traversal in ImpressCMS
High | CVE-2021-26601 was published for impresscms/impresscms (Composer) | Mar 29, 2022

Twig may load a template outside a configured directory when using the filesystem loader
High | CVE-2022-39261 was published for twig/twig (Composer) | Sep 30, 2022

Path traversal in Concrete CMS
Critical | CVE-2022-30117 was published for concrete5/core (Composer) | Jun 25, 2022

ICEcoder vulnerable to Path Traversal
High | CVE-2022-34026 was published for icecoder/icecoder (Composer) | Sep 23, 2022

melisplatform/melis-asset-manager vulnerable to Path Traversal
High | CVE-2022-39296 was published for melisplatform/melis-asset-manager (Composer) | Oct 11, 2022

elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Critical | CVE-2021-32682 was published for studio-42/elfinder (Composer) | Jun 16, 2021

CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files
Moderate | CVE-2006-5031 was published for cakephp/cakephp (Composer) | May 1, 2022

Path Traversal in FileGator
Moderate | CVE-2022-1850 was published for filegator/filegator (Composer) | May 25, 2022

Path Traversal in LibreNMS
High | CVE-2019-12464 was published for librenms/librenms (Composer) | Oct 11, 2019

Local File Inclusion by unauthenticated users
High | CVE-2020-15246 was published for october/cms (Composer) | Nov 23, 2020

Zip slip in Microweber
High | CVE-2020-28337 was published for microweber/microweber (Composer) | Feb 10, 2022

Potential Zip Slip Vulnerability in baserCMS
High | CVE-2021-41279 was published for baserproject/basercms (Composer) | Dec 1, 2021

Path traversal in librenms/librenms
Critical | CVE-2021-44278 was published for librenms/librenms (Composer) | Dec 10, 2021

PHP file inclusion in the Sulu admin panel
High | CVE-2021-43836 was published for sulu/sulu (Composer) | Dec 15, 2021

Path Traversal in the Logs plugin for Craft CMS
Moderate | CVE-2022-23409 was published for ether/logs (Composer) | Feb 1, 2022

Path Traversal in ImpressCMS
Critical | CVE-2022-24977 was published for impresscms/impresscms (Composer) | Feb 15, 2022

Path Traversal in S-Cart
Moderate | CVE-2021-44111 was published for s-cart/s-cart (Composer) | Feb 12, 2022

Path traversal in pimcore
Moderate | CVE-2022-0665 was published for pimcore/pimcore (Composer) | Feb 23, 2022

Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files
Moderate | CVE-2023-27577 was published for flarum/core (Composer) | Mar 13, 2023

phpSysInfo allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence
Moderate | CVE-2006-3360 was published for phpsysinfo/phpsysinfo (Composer) | May 1, 2022

elFinder vulnerable to path traversal in LocalVolumeDriver connector
High | CVE-2023-35840 was published for studio-42/elfinder (Composer) | Jun 14, 2023

Directory Traversal in Archive_Tar
High | CVE-2020-36193 was published for pear/archive_tar (Composer) | Apr 22, 2021

ProTip! Advisories are also available from the GraphQL API