GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
23 advisories
Filter by severity
Arbitrary File Deletion vulnerability in OctoberCMS
Moderate
CVE-2020-5296
was published
for
october/cms
(Composer)
Jun 3, 2020
Upload whitelisted files to any directory in OctoberCMS
Low
CVE-2020-5297
was published
for
october/cms
(Composer)
Jun 3, 2020
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights
Moderate
CVE-2021-21343
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible
High
CVE-2019-14905
was published
for
ansible
(pip)
Apr 20, 2021
ingress-nginx component for Kubernetes allows file overwrite
Moderate
CVE-2020-8553
was published
for
k8s.io/ingress-nginx
(Go)
May 24, 2022
Dompdf before v2.0.0 vulnerable to chroot check bypass
Moderate
CVE-2022-2400
was published
for
dompdf/dompdf
(Composer)
Jul 19, 2022
Cortex's Alertmanager can expose local files content via specially crafted config
Moderate
CVE-2022-23536
was published
for
github.com/cortexproject/cortex
(Go)
Dec 19, 2022
Yapscan's report receiver server vulnerable to path traversal and log injection
High
GHSA-9h6h-9g78-86f7
was published
for
github.com/fkie-cad/yapscan
(Go)
Dec 29, 2022
TeamPass External Control of File Name or Path vulnerability
High
CVE-2023-1070
was published
for
nilsteampassnet/teampass
(Composer)
Feb 27, 2023
Juju controller - Arbitrary file reading vulnerability
Moderate
CVE-2023-0092
was published
for
github.com/juju/juju
(Go)
Mar 1, 2023
Moodle External Control of File Name or Path vulnerability
Moderate
CVE-2023-30943
was published
for
moodle/moodle
(Composer)
May 2, 2023
External Control of File Name or Path in h2oai/h2o-3
Critical
CVE-2023-6569
was published
for
h2o
(pip)
Dec 14, 2023
php-svg-lib lacks path validation on font through SVG inline styles
Moderate
CVE-2024-25117
was published
for
phenx/php-svg-lib
(Composer)
Feb 21, 2024
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Critical
GHSA-97m3-52wr-xvv2
was published
for
phenx/php-svg-lib
(Composer)
Feb 22, 2024
GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API
Moderate
CVE-2024-23634
was published
for
org.geoserver:gs-restconfig
(Maven)
Mar 20, 2024
PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file
High
CVE-2024-1603
was published
for
paddlepaddle
(pip)
Mar 23, 2024
timber/timber vulnerable to Deserialization of Untrusted Data
High
CVE-2024-29800
was published
for
timber/timber
(Composer)
Apr 12, 2024
Remote code execution in web server context
High
CVE-2024-37295
was published
for
aimeos/aimeos-core
(Composer)
Jun 5, 2024
Weblate vulnerable to improper sanitization of project backups
Low
CVE-2024-39303
was published
for
Weblate
(pip)
Jul 1, 2024
Duplicate Advisory: Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path
Low
GHSA-6vrw-mpj8-3j59
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
•
withdrawn
Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path
Moderate
CVE-2024-10492
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
ProTip!
Advisories are also available from the
GraphQL API