Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,154
NuGet
736
pip
3,953
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,210 advisories

Loading
Path Traversal in Apache Shiro Critical
CVE-2023-34478 was published for org.apache.shiro:shiro-web (Maven) Jul 24, 2023
OpenRefine vulnerable to zip slip in project import Moderate
CVE-2023-37476 was published for org.openrefine:main (Maven) Jul 18, 2023
stefan-schiller-sonarsource
rswag vulnerable to arbitrary JSON and YAML file read via directory traversal High
CVE-2023-38337 was published for rswag (RubyGems) Jul 15, 2023
copyparty vulnerable to path traversal attack High
CVE-2023-37474 was published for copyparty (pip) Jul 14, 2023
TheHackyDog
Jenkins MathWorks Polyspace Plugin vulnerable to arbitrary file read Moderate
CVE-2023-37960 was published for com.mathworks.polyspace.jenkins:mathworks-polyspace (Maven) Jul 12, 2023
Apache Airflow Path Traversal vulnerability High
CVE-2023-22887 was published for apache-airflow (pip) Jul 12, 2023
sunSUNQ
Apache MINA SSHD information disclosure vulnerability Moderate
CVE-2023-35887 was published for org.apache.sshd:sshd-common (Maven) Jul 10, 2023
pavelarnost gjordi
Graylog server has partial path traversal vulnerability in Support Bundle feature Low
CVE-2023-41044 was published for org.graylog2:graylog2-server (Maven) Jul 6, 2023
weiweiwei9811
ethyca-fides Webserver API Path Traversal vulnerability High
CVE-2023-36827 was published for ethyca-fides (pip) Jul 6, 2023
daveqnet
Apache StreamPark Path Traversal vulnerability Critical
CVE-2022-45802 was published for org.apache.streampark:streampark-common_2.11 (Maven) Jul 6, 2023
Apache Linkis Zip Slip issue Critical
CVE-2023-27603 was published for org.apache.linkis:linkis (Maven) Jul 6, 2023
php-imap vulnerable to RCE through a directory traversal vulnerability Critical
CVE-2023-35169 was published for webklex/laravel-imap (Composer) Jun 21, 2023
angelej
elFinder vulnerable to path traversal in LocalVolumeDriver connector High
CVE-2023-35840 was published for studio-42/elfinder (Composer) Jun 14, 2023
sectroyer
Gatsby develop server has Local File Inclusion vulnerability Moderate
CVE-2023-34238 was published for gatsby (npm) Jun 9, 2023
Arbitrary file read using percent-encoded relative paths in FileMiddleware Moderate
CVE-2020-15230 was published for github.com/vapor/vapor (Swift) Jun 9, 2023
lmcd
Froxlor vulnerable to Path Traversal High
CVE-2023-3172 was published for froxlor/froxlor (Composer) Jun 9, 2023
hawtio vulnerable to Path Traversal Moderate
CVE-2023-33544 was published for io.hawt:project (Maven) Jun 1, 2023
Duplicate Advisory: Starlette vulnerable to directory traversal High
GHSA-qj8w-rv5x-2v9h was published for starlette (pip) Jun 1, 2023 withdrawn
Administration Console authentication bypass in openfire xmppserver High
CVE-2023-32315 was published for org.igniterealtime.openfire:xmppserver (Maven) May 23, 2023
akrherz Fishbowler
guusdk Siebene
Starlette has Path Traversal vulnerability in StaticFiles Moderate
CVE-2023-29159 was published for starlette (pip) May 17, 2023
aminalaee
Jenkins Code Dx Plugin missing permission checks Moderate
CVE-2023-2196 was published for org.jenkins-ci.plugins:codedx (Maven) May 16, 2023
Jenkins Sidebar Link Plugin vulnerable to Path Traversal Moderate
CVE-2023-32985 was published for org.jenkins-ci.plugins:sidebar-link (Maven) May 16, 2023
Any file can be included with the pymdown-snippets extension High
CVE-2023-32309 was published for pymdown-extensions (pip) May 15, 2023
itlabbet tvalenta
mflow vulnerable to directory traversal High
CVE-2023-30172 was published for mlflow (pip) May 11, 2023
n8n Directory Traversal vulnerability Moderate
CVE-2023-27562 was published for n8n (npm) May 10, 2023
MarkLee131
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database