GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Critical
CVE-2021-32682
was published
for
studio-42/elfinder
(Composer)
Jun 16, 2021
Directory Traversal in typo3/phar-stream-wrapper
Critical
CVE-2019-11831
was published
for
drupal/core
(Composer)
Sep 30, 2021
Path manipulation in matyhtf/framework
Critical
CVE-2021-43676
was published
for
matyhtf/framework
(Composer)
Dec 4, 2021
Path traversal in librenms/librenms
Critical
CVE-2021-44278
was published
for
librenms/librenms
(Composer)
Dec 10, 2021
Path Traversal in ImpressCMS
Critical
CVE-2022-24977
was published
for
impresscms/impresscms
(Composer)
Feb 15, 2022
Path Traversal in Studio-42 elFinder through 2.1.60
Critical
CVE-2022-26960
was published
for
studio-42/elfinder
(Composer)
Mar 22, 2022
PEAR::Archive_Tar Directory Traversal vulnerability
Critical
CVE-2006-0931
was published
for
pear/archive_tar
(Composer)
May 1, 2022
elFinder Path Traversal vulnerability
Critical
CVE-2018-9109
was published
for
studio-42/elfinder
(Composer)
May 13, 2022
Directory Traversal in Studio 42 elFinder
Critical
CVE-2018-9110
was published
for
studio-42/elfinder
(Composer)
May 13, 2022
Path traversal in Concrete CMS
Critical
CVE-2022-30117
was published
for
concrete5/core
(Composer)
Jun 25, 2022
ThinkPHP Framework vulnerable to remote code execution
Critical
CVE-2022-47945
was published
for
topthink/framework
(Composer)
Dec 23, 2022
php-imap vulnerable to RCE through a directory traversal vulnerability
Critical
CVE-2023-35169
was published
for
webklex/laravel-imap
(Composer)
Jun 21, 2023
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter
Critical
CVE-2015-5467
was published
for
yiisoft/yii2
(Composer)
Sep 21, 2023
PHPMemcachedAdmin Path Traversal vulnerability
Critical
CVE-2023-6026
was published
for
elijaa/phpmemcacheadmin
(Composer)
Nov 30, 2023
willdurand/js-translation-bundle potential path traversal attack and remote code injection
Critical
GHSA-x86x-qhf8-f37w
was published
for
willdurand/js-translation-bundle
(Composer)
Jun 7, 2024
ProTip!
Advisories are also available from the
GraphQL API