GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
342 advisories
Filter by severity
czim/file-handling vulnerable to SSRF and directory traversal
Moderate
CVE-2024-47049
was published
for
czim/file-handling
(Composer)
Sep 17, 2024
Contao affected by directory traversal in the file selector widget
Moderate
CVE-2024-45604
was published
for
contao/core-bundle
(Composer)
Sep 17, 2024
Composio Path Traversal vulnerability
Moderate
CVE-2024-8865
was published
for
composio-core
(pip)
Sep 16, 2024
Mage AI Path Traversal vulnerability
Moderate
CVE-2024-45188
was published
for
mage-ai
(pip)
Aug 23, 2024
Mage AI Path Traversal vulnerability
Moderate
CVE-2024-45189
was published
for
mage-ai
(pip)
Aug 23, 2024
Magento Open Source Path Traversal vulnerability
Moderate
CVE-2024-39406
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Path traveral in Streamlit on windows
Moderate
CVE-2024-42474
was published
for
streamlit
(pip)
Aug 12, 2024
CometVisu Backend for openHAB has a path traversal vulnerability
Moderate
CVE-2024-42468
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
ICEcoder Path Traversal vulnerability
Moderate
CVE-2024-41373
was published
for
icecoder/icecoder
(Composer)
Jul 26, 2024
@jmondi/url-to-png contains a Path Traversal vulnerability
Moderate
CVE-2024-39918
was published
for
@jmondi/url-to-png
(npm)
Jul 15, 2024
Directory creation by malicious user in saltstack
Moderate
CVE-2024-22231
was published
for
salt
(pip)
Jun 27, 2024
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
Moderate
CVE-2023-49793
was published
for
codechecker
(pip)
Jun 24, 2024
Unauthenticated Access to sensitive settings in Argo CD
Moderate
CVE-2024-37152
was published
for
github.com/argoproj/argo-cd/v2/server
(Go)
Jun 6, 2024
Arbitrary file read via Playwright's screenshot feature exploiting file wrapper
Moderate
CVE-2024-37169
was published
for
@jmondi/url-to-png
(npm)
Jun 5, 2024
Twig Path Traversal vulnerability in the filesystem loader
Moderate
GHSA-7cvr-xhm5-x998
was published
for
twig/twig
(Composer)
May 30, 2024
Jenkins Report Info Plugin Path Traversal vulnerability
Moderate
CVE-2024-5273
was published
for
org.jenkins-ci.plugins:report-info
(Maven)
May 24, 2024
Grafana directory traversal for .cvs files
Moderate
CVE-2021-43815
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Oceanic allows unsanitized user input to lead to path traversal in URLs
Moderate
CVE-2024-34712
was published
for
oceanic.js
(npm)
May 14, 2024
Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss
Moderate
CVE-2023-36822
was published
for
uptime-kuma
(npm)
May 1, 2024
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno
Moderate
CVE-2024-32869
was published
for
hono
(npm)
Apr 23, 2024
langchain vulnerable to path traversal
Moderate
CVE-2024-3571
was published
for
langchain
(pip)
Apr 16, 2024
Apache Zeppelin Path Traversal vulnerability
Moderate
CVE-2024-31860
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Archiver Path Traversal vulnerability
Moderate
CVE-2024-0406
was published
for
github.com/mholt/archiver
(Go)
Apr 6, 2024
Whoogle Search Path Traversal vulnerability
Moderate
CVE-2024-22204
was published
for
whoogle-search
(pip)
Mar 14, 2024
Path disclosure in JavaScript variable
Moderate
CVE-2024-26129
was published
for
prestashop/prestashop
(Composer)
Feb 21, 2024
ProTip!
Advisories are also available from the
GraphQL API