GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Critical
CVE-2024-23827
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 29, 2024
sjqzhang go-fastdfs vulnerable to path traversal
Critical
CVE-2023-1800
was published
for
github.com/sjqzhang/go-fastdfs
(Go)
Apr 2, 2023
Pterodactyl Wings vulnerable to improper isolation of server file access
Critical
CVE-2024-27102
was published
for
github.com/pterodactyl/wings
(Go)
Mar 15, 2024
BuildKit vulnerable to possible host system access from mount stub cleaner
Critical
CVE-2024-23652
was published
for
github.com/moby/buildkit
(Go)
Jan 31, 2024
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
Critical
CVE-2023-49569
was published
for
github.com/go-git/go-git/v4
(Go)
Jan 10, 2024
NATS nats-server allows directory traversal via unintended path to a management action
Critical
CVE-2022-28357
was published
for
github.com/nats-io/nats-server
(Go)
Sep 19, 2023
tar-utils Path Traversal vulnerability
Critical
CVE-2020-36566
was published
for
github.com/whyrusleeping/tar-utils
(Go)
Dec 28, 2022
Unzip vulnerable to path traversal
Critical
CVE-2020-36561
was published
for
github.com/yi-ge/unzip
(Go)
Dec 28, 2022
Path Traversal in Beego
Critical
CVE-2022-31836
was published
for
github.com/beego/beego
(Go)
Jul 6, 2022
go-unzip vulnerable to Path Traversal
Critical
CVE-2020-36560
was published
for
github.com/artdarek/go-unzip
(Go)
Dec 28, 2022
Casdoor arbitrary file write vulnerability
Critical
CVE-2022-38638
was published
for
github.com/casdoor/casdoor
(Go)
Sep 10, 2022
gitjacker arbitrary code execution
Critical
CVE-2021-29417
was published
for
github.com/liamg/gitjacker
(Go)
May 24, 2022
Tarslip in go-unarr
Critical
CVE-2021-38197
was published
for
github.com/gen2brain/go-unarr
(Go)
Sep 1, 2021
Cloud Foundry Archiver vulnerable to path traversal
Critical
CVE-2018-25046
was published
for
code.cloudfoundry.org/archiver
(Go)
Dec 28, 2022
Path Traversal in Dutchcoders transfer.sh
Critical
CVE-2021-33497
was published
for
github.com/dutchcoders/transfer.sh
(Go)
Jun 29, 2021
Improper path handling in kustomization files allows path traversal
Critical
CVE-2022-24877
was published
for
github.com/fluxcd/flux2
(Go)
May 4, 2022
Gin-vue-admin subject to Remote Code Execution via file upload vulnerability
Critical
CVE-2022-39345
was published
for
github.com/flipped-aurora/gin-vue-admin/server
(Go)
Oct 25, 2022
Alist vulnerable to Path Traversal
Critical
CVE-2022-45969
was published
for
github.com/alist-org/alist/v3
(Go)
Dec 16, 2022
Path Traversal in file editor on Windows in Gogs
Critical
CVE-2022-1992
was published
for
gogs.io/gogs
(Go)
Jun 8, 2022
ProTip!
Advisories are also available from the
GraphQL API