GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
594 advisories
Filter by severity
nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to...
Critical
Unreviewed
CVE-2022-48253
was published
Jan 11, 2023
The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to...
Critical
Unreviewed
CVE-2022-4101
was published
Jan 16, 2023
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet...
Critical
Unreviewed
CVE-2021-42854
was published
Mar 11, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)...
Critical
Unreviewed
CVE-2021-42853
was published
Mar 11, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)...
Critical
Unreviewed
CVE-2021-42787
was published
Mar 11, 2022
An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private...
Critical
Unreviewed
CVE-2021-45887
was published
Mar 14, 2022
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.
Critical
Unreviewed
CVE-2022-1000
was published
Mar 18, 2022
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer...
Critical
Unreviewed
CVE-2020-25176
was published
Mar 19, 2022
The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path...
Critical
Unreviewed
CVE-2022-0679
was published
Mar 29, 2022
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain...
Critical
Unreviewed
CVE-2022-27277
was published
Apr 11, 2022
Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which...
Critical
Unreviewed
CVE-2021-36288
was published
Apr 9, 2022
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes...
Critical
Unreviewed
CVE-2021-43741
was published
Apr 14, 2022
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')...
Critical
Unreviewed
CVE-2021-22794
was published
Apr 14, 2022
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a...
Critical
Unreviewed
CVE-2021-43290
was published
Apr 15, 2022
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter...
Critical
Unreviewed
CVE-2022-1390
was published
Apr 26, 2022
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL...
Critical
Unreviewed
CVE-2014-4650
was published
May 17, 2022
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for...
Critical
Unreviewed
CVE-2019-9948
was published
May 24, 2022
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute...
Critical
Unreviewed
CVE-2020-27730
was published
May 24, 2022
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than...
Critical
Unreviewed
CVE-2020-27304
was published
May 24, 2022
The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter...
Critical
Unreviewed
CVE-2022-1391
was published
Apr 26, 2022
There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands...
Critical
Unreviewed
CVE-2020-20277
was published
May 24, 2022
The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow...
Critical
Unreviewed
CVE-2021-26714
was published
May 24, 2022
In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file...
Critical
Unreviewed
CVE-2022-32270
was published
Jun 4, 2022
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to...
Critical
Unreviewed
CVE-2021-20034
was published
May 24, 2022
An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted...
Critical
Unreviewed
CVE-2022-28945
was published
Jun 3, 2022
ProTip!
Advisories are also available from the
GraphQL API