GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
48 advisories
Filter by severity
Spatie Browsershot Directory Traversal vulnerability
High
CVE-2024-21547
was published
for
spatie/browsershot
(Composer)
Dec 18, 2024
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI
High
CVE-2024-52293
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
Craft CMS Arbitrary System File Read
High
CVE-2024-52292
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
High
CVE-2024-52291
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
Moodle has CSRF risk in Feedback non-respondents report
High
CVE-2024-43434
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
SQL injection in funadmin
High
CVE-2024-48224
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint
High
CVE-2024-42485
was published
for
pxlrbt/filament-excel
(Composer)
Aug 12, 2024
Zip slip in opencart
High
CVE-2024-21518
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()`
High
GHSA-hx3m-959f-v849
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API
High
GHSA-x428-565f-8xj2
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Grav Vulnerable to Arbitrary File Read to Account Takeover
High
CVE-2024-34082
was published
for
getgrav/grav
(Composer)
May 15, 2024
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
High
CVE-2021-27916
was published
for
mautic/core
(Composer)
Apr 12, 2024
Grav File Upload Path Traversal
High
CVE-2024-27921
was published
for
getgrav/grav
(Composer)
Mar 22, 2024
Appwrite Directory Traversal vulnerability
High
CVE-2022-25377
was published
for
appwrite/server-ce
(Composer)
Feb 23, 2024
OroPlatform vulnerable to path traversal during temporary file manipulations
High
CVE-2022-41951
was published
for
oro/platform
(Composer)
Nov 27, 2023
OpenCart Path Traversal vulnerability
High
CVE-2023-2315
was published
for
opencart/opencart
(Composer)
Sep 27, 2023
Cecil Path Traversal vulnerability
High
CVE-2023-4914
was published
for
cecil/cecil
(Composer)
Sep 12, 2023
elFinder vulnerable to path traversal in LocalVolumeDriver connector
High
CVE-2023-35840
was published
for
studio-42/elfinder
(Composer)
Jun 14, 2023
Froxlor vulnerable to Path Traversal
High
CVE-2023-3172
was published
for
froxlor/froxlor
(Composer)
Jun 9, 2023
Path traversal vulnerability in the file manager
High
CVE-2023-29200
was published
for
contao/contao
(Composer)
Apr 26, 2023
Fix for arbitrary file deletion in customer media allows for remote code execution
High
CVE-2021-41143
was published
for
openmage/magento-lts
(Composer)
Jan 27, 2023
Lavalite vulnerable to Arbitrary File Read via Directory Traversal
High
CVE-2022-42188
was published
for
lavalite/cms
(Composer)
Oct 19, 2022
melisplatform/melis-asset-manager vulnerable to Path Traversal
High
CVE-2022-39296
was published
for
melisplatform/melis-asset-manager
(Composer)
Oct 11, 2022
Twig may load a template outside a configured directory when using the filesystem loader
High
CVE-2022-39261
was published
for
twig/twig
(Composer)
Sep 30, 2022
ICEcoder vulnerable to Path Traversal
High
CVE-2022-34026
was published
for
icecoder/icecoder
(Composer)
Sep 23, 2022
ProTip!
Advisories are also available from the
GraphQL API