GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
48 advisories
Filter by severity
Moodle LFI vulnerability when restoring malformed block backups
Moderate
CVE-2024-43440
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Path traversal in redaxo
Moderate
CVE-2024-46212
was published
for
redaxo/source
(Composer)
Oct 16, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled
Moderate
CVE-2024-45291
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
czim/file-handling vulnerable to SSRF and directory traversal
Moderate
CVE-2024-47049
was published
for
czim/file-handling
(Composer)
Sep 17, 2024
Contao affected by directory traversal in the file selector widget
Moderate
CVE-2024-45604
was published
for
contao/core-bundle
(Composer)
Sep 17, 2024
Magento Open Source Path Traversal vulnerability
Moderate
CVE-2024-39406
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
ICEcoder Path Traversal vulnerability
Moderate
CVE-2024-41373
was published
for
icecoder/icecoder
(Composer)
Jul 26, 2024
Twig Path Traversal vulnerability in the filesystem loader
Moderate
GHSA-7cvr-xhm5-x998
was published
for
twig/twig
(Composer)
May 30, 2024
Path disclosure in JavaScript variable
Moderate
CVE-2024-26129
was published
for
prestashop/prestashop
(Composer)
Feb 21, 2024
Path Traversal in TYPO3 File Abstraction Layer Storages
Moderate
CVE-2023-30451
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
Duplicate Advisory: TYPO3 Arbitrary File Read via Directory Traversal
Moderate
GHSA-3gjc-mp82-fj4q
was published
for
typo3/cms-core
(Composer)
Dec 25, 2023
•
withdrawn
Potential URI resolution path traversal in the AWS SDK for PHP
Moderate
CVE-2023-51651
was published
for
aws/aws-sdk-php
(Composer)
Dec 21, 2023
baserCMS Directory Traversal vulnerability in Form submission data management Feature
Moderate
CVE-2023-43648
was published
for
baserproject/basercms
(Composer)
Oct 26, 2023
PrestaShop file access through path traversal
Moderate
CVE-2023-39528
was published
for
prestashop/prestashop
(Composer)
Aug 9, 2023
PrestaShop path traversal
Moderate
CVE-2023-39525
was published
for
prestashop/prestashop
(Composer)
Aug 9, 2023
Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction
Moderate
CVE-2023-38708
was published
for
pimcore/pimcore
(Composer)
Aug 3, 2023
Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php
Moderate
CVE-2023-30855
was published
for
pimcore/pimcore
(Composer)
May 2, 2023
Arbitrary File Read in Admin JS CSS files
Moderate
CVE-2023-30852
was published
for
pimcore/pimcore
(Composer)
Apr 27, 2023
Path Traversal in Asset "import from server" option
Moderate
CVE-2023-2336
was published
for
pimcore/pimcore
(Composer)
Apr 27, 2023
Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files
Moderate
CVE-2023-27577
was published
for
flarum/core
(Composer)
Mar 13, 2023
SUKOHI Surpass Path Traversal vulnerability
Moderate
CVE-2015-10030
was published
for
sukohi/surpass
(Composer)
Jan 8, 2023
UniSharp Laravel Filemanager directory traversal vulnerability
Moderate
CVE-2022-40734
was published
for
unisharp/laravel-filemanager
(Composer)
Sep 15, 2022
Path Traversal in FileGator
Moderate
CVE-2022-1850
was published
for
filegator/filegator
(Composer)
May 25, 2022
Magento Path Traversal vulnerability
Moderate
CVE-2021-28584
was published
for
magento/community-edition
(Composer)
May 24, 2022
Grav CMS Local File Injection
Moderate
CVE-2020-29556
was published
for
getgrav/grav
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API