GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,060 advisories
Filter by severity
Path Traversal in file update API in gogs
High
CVE-2024-55947
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Remote Command Execution in file editing in gogs
High
CVE-2024-54148
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
uptime-kuma vulnerable to Local File Inclusion (LFI) via Improper URL Handling in `Real-Browser` monitor
Moderate
CVE-2024-56331
was published
for
uptime-kuma
(npm)
Dec 20, 2024
Spring Framework Path Traversal vulnerability
High
CVE-2024-38819
was published
for
org.springframework:spring-webflux
(Maven)
Dec 19, 2024
Spatie Browsershot Directory Traversal vulnerability
High
CVE-2024-21547
was published
for
spatie/browsershot
(Composer)
Dec 18, 2024
PGHoard Path Traversal vulnerability
Moderate
CVE-2024-56142
was published
for
pghoard
(pip)
Dec 17, 2024
python-libarchive directory traversal
High
CVE-2024-55587
was published
for
python-libarchive
(pip)
Dec 12, 2024
SiYuan has an arbitrary file read via /api/template/render
High
CVE-2024-55657
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
SiYuan has an arbitrary file read and path traversal via /api/export/exportResources
High
CVE-2024-55658
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
SiYuan has an arbitrary file write in the host via /api/asset/upload
High
CVE-2024-55659
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
Apache Struts file upload logic is flawed
Critical
CVE-2024-53677
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 11, 2024
Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability
Moderate
CVE-2024-54132
was published
for
github.com/cli/cli
(Go)
Dec 4, 2024
Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability
Moderate
CVE-2024-54004
was published
for
aendter.jenkins.plugins:filesystem-list-parameter-plugin
(Maven)
Nov 27, 2024
libre-chat Path Traversal vulnerability
Moderate
CVE-2024-52787
was published
for
libre-chat
(pip)
Nov 25, 2024
Kubernetes kubelet arbitrary command execution
High
CVE-2024-10220
was published
for
k8s.io/kubernetes
(Go)
Nov 22, 2024
Statamic CMS has a Path Traversal in Asset Upload
Moderate
CVE-2024-52600
was published
for
statamic/cms
(Composer)
Nov 19, 2024
Unpatched Remote Code Execution in Gogs
High
CVE-2024-44625
was published
for
gogs.io/gogs
(Go)
Nov 15, 2024
FitNesse Path Traversal
Moderate
CVE-2024-42499
was published
for
org.fitnesse:fitnesse
(Maven)
Nov 15, 2024
DotNetZip Directory Traversal vulnerability
High
CVE-2024-48510
was published
for
DotNetZip
(NuGet)
Nov 13, 2024
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI
High
CVE-2024-52293
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
Craft CMS Arbitrary System File Read
High
CVE-2024-52292
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
High
CVE-2024-52291
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
Moderate
CVE-2024-50336
was published
for
matrix-js-sdk
(npm)
Nov 12, 2024
changedetection.io path traversal using file URI scheme without supplying hostname
High
CVE-2024-51998
was published
for
changedetection.io
(pip)
Nov 7, 2024
jj vulnerable to path traversal via crafted Git repositories
Critical
CVE-2024-51990
was published
for
jj-lib
(Rust)
Nov 7, 2024
ProTip!
Advisories are also available from the
GraphQL API