Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,631 advisories

Loading
Mesop has a local file Inclusion via static file serving functionality High
CVE-2024-45601 was published for mesop (pip) Sep 18, 2024
Letm3through
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185) High
GHSA-7x4w-cj9r-h4v9 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183) High
CVE-2024-46987 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182) High
CVE-2024-46986 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of... High Unreviewed
CVE-2024-42501 was published Sep 17, 2024
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13... High Unreviewed
CVE-2024-44167 was published Sep 17, 2024
The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS... High Unreviewed
CVE-2024-27869 was published Sep 17, 2024
A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited,... High Unreviewed
CVE-2024-7961 was published Sep 12, 2024
Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7... High Unreviewed
CVE-2024-37728 was published Sep 10, 2024
phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component ... High Unreviewed
CVE-2024-44867 was published Sep 10, 2024
nix 2.24 through 2.24.5 allows directory traversal via a symlink in a nar file, because of... High Unreviewed
CVE-2024-45845 was published Sep 10, 2024
SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe... High Unreviewed
CVE-2024-44720 was published Sep 9, 2024
A path traversal vulnerability allows an attacker with a low-privileged account and local access... High Unreviewed
CVE-2024-40712 was published Sep 7, 2024
A vulnerability has been discovered in Node.js version 20, specifically within the experimental... High Unreviewed
CVE-2023-30584 was published Sep 7, 2024
A path traversal vulnerability has been reported to affect several QNAP operating system versions... High Unreviewed
CVE-2023-51366 was published Sep 6, 2024
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is... High Unreviewed
CVE-2024-45175 was published Sep 5, 2024
Path traversal vulnerability in stripe-cli High
CVE-2024-45401 was published for github.com/stripe/stripe-cli (Go) Sep 5, 2024
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user... High Unreviewed
CVE-2024-45178 was published Sep 5, 2024
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory... High Unreviewed
CVE-2024-8104 was published Sep 4, 2024
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute... High Unreviewed
CVE-2024-34656 was published Sep 4, 2024
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`) High
CVE-2024-45388 was published for github.com/spectolabs/hoverfly (Go) Sep 3, 2024
pwntester
@actions/download-artifact has an Arbitrary File Write via artifact extraction High
GHSA-cxww-7g56-2vh6 was published for actions/download-artifact (GitHub Actions) Sep 3, 2024
holmanb
@actions/artifact has an Arbitrary File Write via artifact extraction High
CVE-2024-42471 was published for @actions/artifact (npm) Sep 3, 2024
JLHwung
Ollama can extract members of a ZIP archive outside of the parent directory High
CVE-2024-45436 was published for github.com/ollama/ollama (Go) Aug 29, 2024
A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 allows... High Unreviewed
CVE-2024-6789 was published Aug 27, 2024
ProTip! Advisories are also available from the GraphQL API