GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
5,218 advisories
Filter by severity
It was discovered that on Windows operating systems specifically, Kibana was not validating a...
Moderate
Unreviewed
CVE-2021-37938
was published
Nov 19, 2021
Using the parameter of getPFXFolderList function, attackers can see the information of...
Critical
Unreviewed
CVE-2020-7882
was published
Nov 23, 2021
OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive,...
Moderate
Unreviewed
CVE-2021-33491
was published
Nov 23, 2021
The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote...
High
Unreviewed
CVE-2021-38146
was published
Nov 23, 2021
The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter...
High
Unreviewed
CVE-2021-24644
was published
Nov 24, 2021
There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of...
Moderate
Unreviewed
CVE-2021-37023
was published
Nov 24, 2021
An unspecified version of tripexpress is affected by a path manipulation vulnerability in file...
Critical
Unreviewed
CVE-2021-43691
was published
Nov 30, 2021
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote...
High
Unreviewed
CVE-2021-43358
was published
Dec 2, 2021
** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation...
Critical
Unreviewed
CVE-2021-43674
was published
Dec 4, 2021
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied ...
High
Unreviewed
CVE-2021-43176
was published
Dec 8, 2021
There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this...
Critical
Unreviewed
CVE-2021-37099
was published
Dec 8, 2021
There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this...
Critical
Unreviewed
CVE-2021-37088
was published
Dec 8, 2021
There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this...
Critical
Unreviewed
CVE-2021-37087
was published
Dec 8, 2021
There is a Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei...
Critical
Unreviewed
CVE-2021-37064
was published
Dec 8, 2021
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows...
High
Unreviewed
CVE-2021-25511
was published
Dec 9, 2021
A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and...
High
Unreviewed
CVE-2021-41024
was published
Dec 9, 2021
A relative path traversal vulnerability in the SMA100 upload funtion allows a remote...
High
Unreviewed
CVE-2021-20040
was published
Dec 9, 2021
KNIME Server before 4.13.4 allows directory traversal in a request for a client profile.
High
Unreviewed
CVE-2021-44725
was published
Dec 9, 2021
A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0...
High
Unreviewed
CVE-2021-41449
was published
Dec 10, 2021
Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted...
Critical
Unreviewed
CVE-2021-31746
was published
Dec 11, 2021
Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record...
High
Unreviewed
CVE-2021-44965
was published
Dec 14, 2021
The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab...
High
Unreviewed
CVE-2021-24970
was published
Dec 14, 2021
Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read...
Moderate
Unreviewed
CVE-2021-40858
was published
Dec 14, 2021
SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path...
High
Unreviewed
CVE-2021-44232
was published
Dec 15, 2021
The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive...
High
Unreviewed
CVE-2021-39312
was published
Dec 15, 2021
ProTip!
Advisories are also available from the
GraphQL API