Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

7,187 advisories

Loading
A directory traversal vulnerability in HPE BSM Platform Application Performance Management System... High Unreviewed
CVE-2017-13982 was published May 17, 2022
The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory... High Unreviewed
CVE-2017-15079 was published May 17, 2022
Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0... High Unreviewed
CVE-2015-1429 was published May 13, 2022
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains... High Unreviewed
CVE-2017-15276 was published May 17, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations... High Unreviewed
CVE-2017-10940 was published May 13, 2022
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is... Moderate Unreviewed
CVE-2017-15359 was published May 17, 2022
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an... Moderate Unreviewed
CVE-2017-12285 was published May 13, 2022
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper... High Unreviewed
CVE-2017-11511 was published May 13, 2022
An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information... High Unreviewed
CVE-2017-14196 was published May 17, 2022
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0... High Unreviewed
CVE-2017-16806 was published May 17, 2022
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal... Critical Unreviewed
CVE-2017-17739 was published May 14, 2022
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute'... High Unreviewed
CVE-2017-5261 was published May 13, 2022
The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an... High Unreviewed
CVE-2017-16929 was published May 17, 2022
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a... Critical Unreviewed
CVE-2025-29660 was published Apr 21, 2025
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by... Critical Unreviewed
CVE-2025-22927 was published Apr 3, 2025
WSO2 Carbon directory traversal vulnerability Moderate
CVE-2016-4314 was published for org.wso2.carbon.commons:org.wso2.carbon.logging.view.ui (Maven) May 14, 2022
**UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web management interface of... Moderate Unreviewed
CVE-2025-3577 was published Apr 22, 2025
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper... High Unreviewed
CVE-2025-23250 was published Apr 22, 2025
An improper limitation of a pathname to a restricted directory vulnerability was identified in... Critical Unreviewed
CVE-2022-46255 was published Dec 14, 2022
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote... High Unreviewed
CVE-2022-46256 was published Dec 14, 2022
MODX Revolution Directory Traversal Vulnerability High
CVE-2017-9067 was published for modx/revolution (Composer) May 17, 2022
Luracast Restler directory traversal vulnerability High
CVE-2017-15363 was published for aoe/restler (Composer) May 13, 2022
Alist vulnerable to Path Traversal Critical
CVE-2022-45969 was published for github.com/alist-org/alist/v3 (Go) Dec 16, 2022
Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated... Critical Unreviewed
CVE-2021-36471 was published Feb 8, 2023
The WPMasterToolKit (WPMTK) – All in one plugin plugin for WordPress is vulnerable to Directory... High Unreviewed
CVE-2025-3300 was published Apr 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database