GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
49 advisories
Statamic CMS has a Path Traversal in Asset Upload (Moderate)
CVE-2024-52600 was published for statamic/cms (Composer) Nov 19, 2024

Moodle LFI vulnerability when restoring malformed block backups (Moderate)
CVE-2024-43440 was published for moodle/moodle (Composer) Nov 7, 2024

Path traversal in redaxo (Moderate)
CVE-2024-46212 was published for redaxo/source (Composer) Oct 16, 2024

PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled (Moderate)
CVE-2024-45291 was published for phpoffice/phpspreadsheet (Composer) Oct 7, 2024

czim/file-handling vulnerable to SSRF and directory traversal (Moderate)
CVE-2024-47049 was published for czim/file-handling (Composer) Sep 17, 2024

Contao affected by directory traversal in the file selector widget (Moderate)
CVE-2024-45604 was published for contao/core-bundle (Composer) Sep 17, 2024

Magento Open Source Path Traversal vulnerability (Moderate)
CVE-2024-39406 was published for magento/community-edition (Composer) Aug 14, 2024

ICEcoder Path Traversal vulnerability (Moderate)
CVE-2024-41373 was published for icecoder/icecoder (Composer) Jul 26, 2024

Twig Path Traversal vulnerability in the filesystem loader (Moderate)
GHSA-7cvr-xhm5-x998 was published for twig/twig (Composer) May 30, 2024

Magento Insecure Direct Object Reference (IDOR) vulnerability (Moderate)
CVE-2019-7925 was published for magento/community-edition (Composer) May 24, 2022

Contao Core directory traversal vulnerability (Moderate)
CVE-2015-0269 was published for contao/core (Composer) May 17, 2022

TYPO3 Directory Traversal on ZIP extraction (Moderate)
CVE-2019-19848 was published for typo3/cms (Composer) May 24, 2022

Grav CMS Local File Injection (Moderate)
CVE-2020-29556 was published for getgrav/grav (Composer) May 24, 2022

phpMyAdmin Arbitrary file read vulnerability (Moderate)
CVE-2019-6799 was published for phpmyadmin/phpmyadmin (Composer) May 13, 2022

OpenCart Path Traversal (Moderate)
CVE-2018-11495 was published for opencart/opencart (Composer) May 14, 2022

Path disclosure in JavaScript variable (Moderate)
CVE-2024-26129 was published for prestashop/prestashop (Composer) Feb 21, 2024

Path Traversal in TYPO3 File Abstraction Layer Storages (Moderate)
CVE-2023-30451 was published for typo3/cms-core (Composer) Feb 13, 2024

Duplicate Advisory: TYPO3 Arbitrary File Read via Directory Traversal (Moderate)
GHSA-3gjc-mp82-fj4q was published for typo3/cms-core (Composer) Dec 25, 2023 • withdrawn

Smarty Path Traversal Vulnerability (Moderate)
CVE-2018-16831 was published for smarty/smarty (Composer) May 14, 2022

SabreDAV Directory Traversal vulnerability (Moderate)
CVE-2013-1939 was published for sabre/dav (Composer) May 14, 2022

browsershot local file inclusion vulnerability (Moderate)
CVE-2020-7790 was published for spatie/browsershot (Composer) May 24, 2022

Moodle directory traversal vulnerability (Moderate)
CVE-2015-1493 was published for moodle/moodle (Composer) May 13, 2022

phpMyAdmin Directory Traversal Vulnerability (Moderate)
CVE-2011-2718 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022

ForkCMS Directory Traversal vulnerability (Moderate)
CVE-2012-1207 was published for forkcms/forkcms (Composer) May 17, 2022

Magento Path Traversal vulnerability (Moderate)
CVE-2021-28584 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API.