GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,941
Erlang: 29
GitHub Actions: 16
Go: 1,722
Maven: 4,952
npm: 3,481
NuGet: 605
pip: 3,049
Pub: 10
RubyGems: 832
Rust: 778
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
5,664 advisories
willdurand/js-translation-bundle potential path traversal attack and remote code injection
Critical | GHSA-x86x-qhf8-f37w was published for willdurand/js-translation-bundle (Composer) | Jun 7, 2024

ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()`
High | GHSA-hx3m-959f-v849 was published for zendframework/zendframework1 (Composer) | Jun 7, 2024

Symlink bypasses filesystem sandbox
Low | GHSA-55f3-3qvg-8pv5 was published for wasmer (Rust) | Jun 7, 2024

A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the...
High | Unreviewed | CVE-2024-3322 was published | Jun 6, 2024

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its...
Critical | Unreviewed | CVE-2024-3234 was published | Jun 6, 2024

A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework,...
High | Unreviewed | CVE-2024-5187 was published | Jun 6, 2024

The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability...
Moderate | Unreviewed | CVE-2024-23793 was published | Jun 6, 2024

Unauthenticated Access to sensitive settings in Argo CD
Moderate | CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) | Jun 6, 2024

NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution...
High | Unreviewed | CVE-2024-5505 was published | Jun 6, 2024

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would...
High | Unreviewed | CVE-2024-28995 was published | Jun 6, 2024

Arbitrary file read via Playwright's screenshot feature exploiting file wrapper
Moderate | GHSA-665w-mwrr-77q3 was published for @jmondi/url-to-png (npm) | Jun 5, 2024

malicious container creates symlink "mtab" on the host External
High | CVE-2024-5154 was published for github.com/cri-o/cri-o (Go) | Jun 4, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Moderate | Unreviewed | CVE-2024-33541 was published | Jun 4, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Moderate | Unreviewed | CVE-2024-34384 was published | Jun 4, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical | Unreviewed | CVE-2024-33560 was published | Jun 4, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High | Unreviewed | CVE-2024-34552 was published | Jun 4, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High | Unreviewed | CVE-2024-33557 was published | Jun 4, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High | Unreviewed | CVE-2024-34554 was published | Jun 4, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Deserialization...
High | Unreviewed | CVE-2024-33568 was published | Jun 4, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Moderate | Unreviewed | CVE-2024-35634 was published | Jun 4, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High | Unreviewed | CVE-2024-33628 was published | Jun 4, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical | Unreviewed | CVE-2024-34551 was published | Jun 4, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Unknown | Unreviewed | CVE-2024-36104 was published | Jun 4, 2024

MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path...
Critical | Unreviewed | CVE-2024-27776 was published | Jun 2, 2024
ProTip! Advisories are also available from the GraphQL API