Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,300
NuGet
760
pip
4,078
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

132 advisories

Loading
Path Traversal in html-pages Critical
CVE-2018-3744 was published for html-pages (npm) Sep 18, 2018
Improper Input Validation in Spring Framework Moderate
CVE-2020-5421 was published for org.springframework:spring-framework-bom (Maven) Apr 30, 2021
joshbressers
Credited to joshbressers
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service ... Moderate Unreviewed
CVE-2021-1282 was published May 24, 2022
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service ... Moderate Unreviewed
CVE-2021-1355 was published May 24, 2022
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service ... Moderate Unreviewed
CVE-2021-1357 was published May 24, 2022
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service ... Moderate Unreviewed
CVE-2021-1364 was published May 24, 2022
The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before... High Unreviewed
CVE-2022-2265 was published Sep 22, 2022
The File Management System developed by FileOrbis before version 10.6.3 has an unauthenticated... High Unreviewed
CVE-2022-3693 was published Jan 13, 2023
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible High Unreviewed
CVE-2022-48476 was published Apr 24, 2023
In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a... High Unreviewed
CVE-2023-32714 was published Jun 1, 2023
NLnet Labs’ Routinator vulnerable to path traversal Critical
CVE-2023-39916 was published for routinator (Rust) Sep 13, 2023
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del... High Unreviewed
CVE-2023-21415 was published Oct 16, 2023
Arduino Create Agent path traversal - arbitrary file deletion vulnerability Moderate
CVE-2023-43801 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84
Credited to giubby84
Arduino Create Agent path traversal - local privilege escalation vulnerability High
CVE-2023-43802 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84
Credited to giubby84
Arduino Create Agent path traversal - arbitrary file deletion vulnerability Moderate
CVE-2023-43803 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84
Credited to giubby84
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup... High Unreviewed
CVE-2023-21418 was published Nov 21, 2023
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API... High Unreviewed
CVE-2023-21416 was published Nov 21, 2023
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API... High Unreviewed
CVE-2023-21417 was published Nov 21, 2023
Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter.... High Unreviewed
CVE-2023-6252 was published Nov 22, 2023
The discontinued FFS Colibri product allows a remote user to access files on the system including... Moderate Unreviewed
CVE-2023-5885 was published Nov 28, 2023
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an... High Unreviewed
CVE-2023-46690 was published Dec 1, 2023
In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an... High Unreviewed
CVE-2023-47279 was published Dec 1, 2023
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay... Moderate Unreviewed
CVE-2023-5800 was published Feb 5, 2024
This vulnerability allows remote attackers to traverse the directory on the affected webOS of... Low Unreviewed
CVE-2024-1886 was published Feb 26, 2024
: Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability... Moderate Unreviewed
CVE-2023-41793 was published Mar 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database