GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
658 advisories
Filter by severity
Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10...
Critical
Unreviewed
CVE-2024-33109
was published
Sep 19, 2024
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to...
Critical
Unreviewed
CVE-2024-8963
was published
Sep 19, 2024
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the...
Critical
Unreviewed
CVE-2024-46375
was published
Sep 18, 2024
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the...
Critical
Unreviewed
CVE-2024-46376
was published
Sep 18, 2024
The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that...
Critical
Unreviewed
CVE-2024-8752
was published
Sep 16, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2024-7609
was published
Sep 11, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2024-6445
was published
Sep 6, 2024
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for...
Critical
Unreviewed
CVE-2024-7950
was published
Sep 4, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2024-43955
was published
Aug 29, 2024
An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory...
Critical
Unreviewed
CVE-2024-44761
was published
Aug 28, 2024
The product allows user input to control or influence paths or file
names that are used in...
Critical
Unreviewed
CVE-2024-3980
was published
Aug 27, 2024
An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0...
Critical
Unreviewed
CVE-2024-45256
was published
Aug 26, 2024
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form &...
Critical
Unreviewed
CVE-2024-7777
was published
Aug 20, 2024
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12...
Critical
Unreviewed
CVE-2024-7263
was published
Aug 15, 2024
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12...
Critical
Unreviewed
CVE-2024-7262
was published
Aug 15, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via...
Critical
Unreviewed
CVE-2024-21876
was published
Aug 12, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability...
Critical
Unreviewed
CVE-2024-21877
was published
Aug 12, 2024
CometVisu Backend for openHAB affected by RCE through path traversal
Critical
CVE-2024-42469
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
Jenkins Remoting library arbitrary file read vulnerability
Critical
CVE-2024-43044
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Aug 7, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000...
Critical
Unreviewed
CVE-2024-39226
was published
Aug 6, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2024-39619
was published
Aug 1, 2024
Remote code execution in Spring Cloud Data Flow
Critical
CVE-2024-37084
was published
for
org.springframework.cloud:spring-cloud-skipper
(Maven)
Jul 25, 2024
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is...
Critical
Unreviewed
CVE-2024-40422
was published
Jul 24, 2024
CLSA Directory Traversal vulnerability
Critical
CVE-2024-28698
was published
for
Csla
(NuGet)
Jul 22, 2024
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a...
Critical
Unreviewed
CVE-2024-41704
was published
Jul 22, 2024
ProTip!
Advisories are also available from the
GraphQL API