GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
6,011 advisories
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to...
Critical | Unreviewed | CVE-2024-8963 was published on Sep 19, 2024

Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
High | CVE-2024-45388 was published for github.com/spectolabs/hoverfly (Go) on Sep 3, 2024

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the...
Critical | Unreviewed | CVE-2024-46376 was published on Sep 18, 2024

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the...
Critical | Unreviewed | CVE-2024-46375 was published on Sep 18, 2024

Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized...
Low | Unreviewed | CVE-2023-34117 was published on Jul 11, 2023

A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited,...
High | Unreviewed | CVE-2024-7961 was published on Sep 12, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical | Unreviewed | CVE-2024-7609 was published on Sep 11, 2024

Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)
High | CVE-2024-46987 was published for camaleon_cms (RubyGems) on Sep 18, 2024

Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
High | CVE-2024-46986 was published for camaleon_cms (RubyGems) on Sep 18, 2024

Mesop has a local file Inclusion via static file serving functionality
High | CVE-2024-45601 was published for mesop (pip) on Sep 18, 2024

Django Directory Traversal via ssi template tag
High | CVE-2013-4315 was published for django (pip) on May 17, 2022

An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of...
High | Unreviewed | CVE-2024-42501 was published on Sep 17, 2024

Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)
High | GHSA-7x4w-cj9r-h4v9 was published for camaleon_cms (RubyGems) on Sep 18, 2024

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13...
High | Unreviewed | CVE-2024-44167 was published on Sep 17, 2024

The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS...
High | Unreviewed | CVE-2024-27869 was published on Sep 17, 2024

Contao affected by directory traversal in the file selector widget
Moderate | CVE-2024-45604 was published for contao/core-bundle (Composer) on Sep 17, 2024

czim/file-handling vulnerable to SSRF and directory traversal
Moderate | CVE-2024-47049 was published for czim/file-handling (Composer) on Sep 17, 2024

Composio Path Traversal vulnerability
Moderate | CVE-2024-8865 was published for composio-core (pip) on Sep 16, 2024

Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
High | CVE-2021-27916 was published for mautic/core (Composer) on Apr 12, 2024

A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow...
High | Unreviewed | CVE-2021-3806 was published on May 24, 2022

Django Admin Media Handler Vulnerable to Directory Traversal
High | CVE-2009-2659 was published for Django (pip) on May 2, 2022

Path Traversal in django-s3file
Critical | CVE-2022-24840 was published for django-s3file (pip) on Jun 6, 2022

The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that...
Critical | Unreviewed | CVE-2024-8752 was published on Sep 16, 2024

Magento Open Source Path Traversal vulnerability
Moderate | CVE-2024-39406 was published for magento/community-edition (Composer) on Aug 14, 2024