GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
33 advisories
Filter by severity
Path Traversal in openapi-python-client
Low
CVE-2020-15141
was published
for
openapi-python-client
(pip)
Aug 20, 2020
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Low
CVE-2020-15239
was published
for
xmpp-http-upload
(pip)
Oct 6, 2020
Path Traversal in XWiki Platform
Low
CVE-2022-29253
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 1, 2022
Path traversal in Jenkins Mercurial Plugin
Low
CVE-2022-30948
was published
for
org.jenkins-ci.plugins:mercurial
(Maven)
May 18, 2022
Path traversal in Node-Red
Low
CVE-2021-21298
was published
for
@node-red/runtime
(npm)
Feb 26, 2021
Cargo extracting malicious crates can corrupt arbitrary files
Low
CVE-2022-36113
was published
for
cargo
(Rust)
Sep 16, 2022
Starlette has Path Traversal vulnerability in StaticFiles
Low
CVE-2023-29159
was published
for
starlette
(pip)
May 17, 2023
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it
Low
CVE-2023-41057
was published
for
hyper-bump-it
(pip)
Sep 4, 2023
Graylog server has partial path traversal vulnerability in Support Bundle feature
Low
CVE-2023-41044
was published
for
org.graylog2:graylog2-server
(Maven)
Jul 6, 2023
sudo-rs Session File Relative Path Traversal vulnerability
Low
CVE-2023-42456
was published
for
sudo-rs
(Rust)
Sep 21, 2023
Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki
Low
GHSA-8459-6rc9-8vf8
was published
for
github.com/cloudflare/cfrpki
(Go)
Feb 14, 2022
Puppet vulnerable to Path Traversal
Low
CVE-2012-3865
was published
for
puppet
(RubyGems)
Oct 24, 2017
sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)
Low
CVE-2023-46122
was published
for
org.scala-sbt:io_2.12
(Maven)
Oct 24, 2023
Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite
Low
CVE-2016-1000021
was published
for
cli
(npm)
May 24, 2022
•
withdrawn
Path traversal in Jenkins REPO Plugin
Low
CVE-2022-30949
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 18, 2022
Winter CMS Local File Inclusion through Server Side Template Injection
Low
CVE-2023-52085
was published
for
winter/wn-backend-module
(Composer)
Jan 2, 2024
Duplicate Advisory: Malicious URL drafting attack against iodines static file server may allow path traversal
Low
GHSA-qwf7-rv77-fcr3
was published
for
iodine
(RubyGems)
Jan 4, 2024
•
withdrawn
Malicious URL drafting attack against iodines static file server may allow path traversal
Low
CVE-2024-22050
was published
for
iodine
(RubyGems)
Oct 7, 2019
Apache Tomcat Path Traversal Vulnerability
Low
CVE-2007-5461
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Plugin archive directory traversal in Helm
Low
CVE-2020-4053
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Low
CVE-2010-3718
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Pleroma Path Traversal vulnerability
Low
CVE-2023-5588
was published
for
pleroma
(Erlang)
Oct 16, 2023
phpMyFAQ Path Traversal in Attachments
Low
CVE-2024-29196
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
ProTip!
Advisories are also available from the
GraphQL API