GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
37 advisories
Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability
Moderate | CVE-2024-54132 was published for github.com/cli/cli (Go) | Dec 4, 2024

Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Moderate | CVE-2024-47877 was published for github.com/codeclysm/extract (Go) | Oct 11, 2024

Buildah allows arbitrary directory mount
Moderate | CVE-2024-9675 was published for github.com/containers/buildah (Go) | Oct 9, 2024

Owncast Path Traversal vulnerability
Moderate | CVE-2024-31450 was published for github.com/owncast/owncast (Go) | Aug 5, 2024

Unauthenticated Access to sensitive settings in Argo CD
Moderate | CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) | Jun 6, 2024

Grafana directory traversal for .cvs files
Moderate | CVE-2021-43815 was published for github.com/grafana/grafana (Go) | May 14, 2024

Archiver Path Traversal vulnerability
Moderate | CVE-2024-0406 was published for github.com/mholt/archiver (Go) | Apr 6, 2024

Helm dependency management path traversal
Moderate | CVE-2024-25620 was published for helm.sh/helm/v3 (Go) | Feb 15, 2024

moby Access to remapped root allows privilege escalation to real root
Moderate | CVE-2021-21284 was published for github.com/moby/moby (Go) | Jan 31, 2024

Path Traversal in Moby builder
Moderate | CVE-2020-27534 was published for github.com/docker/docker (Go) | Jan 31, 2024

Grafana Arbitrary File Read
Moderate | CVE-2019-19499 was published for github.com/grafana/grafana (Go) | Jan 31, 2024

stereoscope vulnerable to tar path traversal when processing OCI tar archives
Moderate | CVE-2024-24579 was published for github.com/anchore/stereoscope (Go) | Jan 31, 2024

Arduino Create Agent path traversal - arbitrary file deletion vulnerability
Moderate | CVE-2023-43803 was published for github.com/arduino/arduino-create-agent (Go) | Oct 18, 2023

Arduino Create Agent path traversal - arbitrary file deletion vulnerability
Moderate | CVE-2023-43801 was published for github.com/arduino/arduino-create-agent (Go) | Oct 18, 2023

Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server
Moderate | CVE-2023-40026 was published for github.com/argoproj/argo-cd (Go) | Sep 27, 2023

Sender can cause a receiver to overwrite files during ZIP extraction in Croc
Moderate | CVE-2023-43616 was published for github.com/schollz/croc (Go) | Sep 20, 2023

Terraform allows arbitrary file write during the `init` operation
Moderate | CVE-2023-4782 was published for github.com/hashicorp/terraform (Go) | Sep 8, 2023

Kubernetes vulnerable to path traversal
Moderate | CVE-2022-3162 was published for github.com/kubernetes/kubernetes (Go) | Mar 1, 2023

Openshift Enterprise source-to-image vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip)
Moderate | CVE-2018-1103 was published for github.com/openshift/source-to-image (Go) | Feb 6, 2023

Path Traversal in github.com/go-sonic/sonic
Moderate | CVE-2022-46959 was published for github.com/go-sonic/sonic (Go) | Jan 23, 2023

Velociraptor subject to Path Traversal
Moderate | CVE-2023-0290 was published for www.velocidex.com/golang/velociraptor (Go) | Jan 19, 2023

pastebinit Path Traversal vulnerability
Moderate | CVE-2018-25059 was published for github.com/jessfraz/pastebinit (Go) | Dec 30, 2022

Echo vulnerable to directory traversal
Moderate | CVE-2020-36565 was published for github.com/labstack/echo/v4 (Go) | Dec 7, 2022

Duplicate Advisory: KubeVirt arbitrary host file read from the VM
Moderate | CVE-2022-1798 was published for kubevirt.io/kubevirt (Go) | Aug 18, 2022 • withdrawn