GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
7,176 advisories
Improper Limitation of a Pathname to a Restricted Directory in WildFly
Moderate. CVE-2018-10862 was published for org.wildfly.core:wildfly-server (Maven), May 14, 2022.

Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow
Moderate. CVE-2014-7816 was published for io.undertow:undertow-core (Maven), May 17, 2022.

The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and...
High, Unreviewed. CVE-2022-4030 was published Nov 29, 2022.

Neo4j Graph Database vulnerable to Path Traversal
Critical. CVE-2021-42767 was published for org.neo4j.procedure:apoc (Maven), Feb 1, 2022.

Improper Limitation of a Pathname to a Restricted Directory in Zip4j
Moderate. CVE-2018-1002202 was published for net.lingala.zip4j:zip4j (Maven), May 13, 2022.

Improper Limitation of a Pathname to a Restricted Directory in Fabric8 Kubernetes Client
High. CVE-2021-20218 was published for io.fabric8:kubernetes-client (Maven), May 24, 2022.

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL...
Critical, Unreviewed. CVE-2014-4650 was published May 17, 2022.

Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch
Moderate. CVE-2015-3337 was published for org.elasticsearch:elasticsearch (Maven), May 17, 2022.

BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File...
High, Unreviewed. CVE-2020-12112 was published May 24, 2022.

Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access...
High, Unreviewed. CVE-2022-38301 was published Sep 15, 2022.

Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin
Moderate. CVE-2019-10436 was published for org.jenkins-ci.plugins:google-oauth-plugin (Maven), May 24, 2022.

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for...
Critical, Unreviewed. CVE-2019-9948 was published May 24, 2022.

Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows...
Moderate, Unreviewed. CVE-2022-36831 was published Aug 6, 2022.

Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and...
Moderate, Unreviewed. CVE-2010-2507 was published May 17, 2022.

Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for...
High, Unreviewed. CVE-2010-2682 was published May 17, 2022.

Apache Fineract allowed an authenticated user to perform remote code execution due to a path...
High, Unreviewed. CVE-2022-44635 was published Nov 29, 2022.

The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions...
Moderate, Unreviewed. CVE-2022-4031 was published Nov 29, 2022.

An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000....
Moderate, Unreviewed. CVE-2020-25248 was published May 24, 2022.

Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow...
Moderate, Unreviewed. CVE-2020-13886 was published May 24, 2022.

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting...
Moderate, Unreviewed. CVE-2020-35176 was published May 24, 2022.

In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute...
Critical, Unreviewed. CVE-2020-27730 was published May 24, 2022.

Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might...
Moderate, Unreviewed. CVE-2010-2676 was published May 17, 2022.

Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for...
High, Unreviewed. CVE-2010-1957 was published May 17, 2022.

Directory traversal vulnerability in scr/soustab.php in openMairie openComInterne 1.01, when...
Moderate, Unreviewed. CVE-2010-1936 was published May 17, 2022.

Directory traversal vulnerability in scr/soustab.php in openMairie openPlanning 1.00, when...
Moderate, Unreviewed. CVE-2010-1928 was published May 17, 2022.

ProTip! Advisories are also available from the GraphQL API.