GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,498

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

576 advisories

Filter by severity

Sort by

Least recently updated

nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to... Critical Unreviewed

CVE-2022-48253 was published Jan 11, 2023

The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to... Critical Unreviewed

CVE-2022-4101 was published Jan 16, 2023

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)... Critical Unreviewed

CVE-2021-42853 was published Mar 11, 2022

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet... Critical Unreviewed

CVE-2021-42854 was published Mar 11, 2022

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)... Critical Unreviewed

CVE-2021-42787 was published Mar 11, 2022

An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private... Critical Unreviewed

CVE-2021-45887 was published Mar 14, 2022

Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7. Critical Unreviewed

CVE-2022-1000 was published Mar 18, 2022

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer... Critical Unreviewed

CVE-2020-25176 was published Mar 19, 2022

The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path... Critical Unreviewed

CVE-2022-0679 was published Mar 29, 2022

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain... Critical Unreviewed

CVE-2022-27277 was published Apr 11, 2022

Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which... Critical Unreviewed

CVE-2021-36288 was published Apr 9, 2022

CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes... Critical Unreviewed

CVE-2021-43741 was published Apr 14, 2022

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')... Critical Unreviewed

CVE-2021-22794 was published Apr 14, 2022

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a... Critical Unreviewed

CVE-2021-43290 was published Apr 15, 2022

The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter... Critical Unreviewed

CVE-2022-1390 was published Apr 26, 2022

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL... Critical Unreviewed

CVE-2014-4650 was published May 17, 2022

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for... Critical Unreviewed

CVE-2019-9948 was published May 24, 2022

In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute... Critical Unreviewed

CVE-2020-27730 was published May 24, 2022

The CivetWeb web library does not validate uploaded filepaths when running on an OS other than... Critical Unreviewed

CVE-2020-27304 was published May 24, 2022

The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter... Critical Unreviewed

CVE-2022-1391 was published Apr 26, 2022

There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands... Critical Unreviewed

CVE-2020-20277 was published May 24, 2022

In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file... Critical Unreviewed

CVE-2022-32270 was published Jun 4, 2022

The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow... Critical Unreviewed

CVE-2021-26714 was published May 24, 2022

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to... Critical Unreviewed

CVE-2021-20034 was published May 24, 2022

An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted... Critical Unreviewed

CVE-2022-28945 was published Jun 3, 2022

Previous 1 2 3 4 5 … 23 24 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

576 advisories