GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,498

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

576 advisories

Filter by severity

Sort by

Least recently updated

Using the parameter of getPFXFolderList function, attackers can see the information of... Critical Unreviewed

CVE-2020-7882 was published Nov 23, 2021

An unspecified version of tripexpress is affected by a path manipulation vulnerability in file... Critical Unreviewed

CVE-2021-43691 was published Nov 30, 2021

** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation... Critical Unreviewed

CVE-2021-43674 was published Dec 4, 2021

There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this... Critical Unreviewed

CVE-2021-37099 was published Dec 8, 2021

There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this... Critical Unreviewed

CVE-2021-37088 was published Dec 8, 2021

There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this... Critical Unreviewed

CVE-2021-37087 was published Dec 8, 2021

There is a Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei... Critical Unreviewed

CVE-2021-37064 was published Dec 8, 2021

Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted... Critical Unreviewed

CVE-2021-31746 was published Dec 11, 2021

A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix... Critical Unreviewed

CVE-2021-21894 was published Dec 23, 2021

An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily... Critical Unreviewed

CVE-2020-20944 was published Dec 28, 2021

Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due... Critical Unreviewed

CVE-2021-45427 was published Dec 31, 2021

HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability... Critical Unreviewed

CVE-2021-37128 was published Jan 4, 2022

A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an... Critical Unreviewed

CVE-2020-17383 was published Jan 25, 2022

The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive... Critical Unreviewed

CVE-2021-23520 was published Feb 1, 2022

The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise... Critical Unreviewed

CVE-2022-0320 was published Feb 2, 2022

mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter... Critical Unreviewed

CVE-2022-23357 was published Feb 8, 2022

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that... Critical Unreviewed

CVE-2022-24311 was published Feb 11, 2022

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that... Critical Unreviewed

CVE-2022-24312 was published Feb 11, 2022

Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an... Critical Unreviewed

CVE-2020-14523 was published Feb 12, 2022

IBM Planning Analytics 2.0 and IBM Planning Analytics Workspace 2.0 DQM API allows submitting of... Critical Unreviewed

CVE-2021-38892 was published Feb 12, 2022

An path traversal vulnerability leading to delete arbitrary files was discovered in BigFileAgent.... Critical Unreviewed

CVE-2021-26619 was published Feb 19, 2022

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet... Critical Unreviewed

CVE-2021-42854 was published Mar 11, 2022

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)... Critical Unreviewed

CVE-2021-42787 was published Mar 11, 2022

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)... Critical Unreviewed

CVE-2021-42853 was published Mar 11, 2022

An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private... Critical Unreviewed

CVE-2021-45887 was published Mar 14, 2022

Previous 1 2 3 4 5 … 23 24 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

576 advisories