Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

665 advisories

Loading
Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG... Critical Unreviewed
CVE-2018-6677 was published May 13, 2022
A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects... Critical Unreviewed
CVE-2022-3940 was published Nov 11, 2022
A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by... Critical Unreviewed
CVE-2022-3939 was published Nov 11, 2022
A vulnerability classified as critical was found in hoffie larasync. This vulnerability affects... Critical Unreviewed
CVE-2015-10024 was published Jan 7, 2023
A vulnerability was found in stakira OpenUtau. It has been classified as critical. This affects... Critical Unreviewed
CVE-2022-4880 was published Jan 7, 2023
Linear eMerge 50P/5000P devices allow Cookie Path Traversal. Critical Unreviewed
CVE-2019-7267 was published May 24, 2022
Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the... Critical Unreviewed
CVE-2022-45290 was published Dec 9, 2022
Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho... Critical Unreviewed
CVE-2020-21642 was published Aug 16, 2022
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by... Critical Unreviewed
CVE-2019-13551 was published May 24, 2022
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20... Critical Unreviewed
CVE-2022-1664 was published May 27, 2022
Alist vulnerable to Path Traversal Critical
CVE-2022-45969 was published for github.com/alist-org/alist/v3 (Go) Dec 16, 2022
A vulnerability classified as critical has been found in Calsign APDE. This affects the function... Critical Unreviewed
CVE-2020-36628 was published Dec 25, 2022
mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter... Critical Unreviewed
CVE-2022-23357 was published Feb 8, 2022
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE Critical
CVE-2021-32682 was published for studio-42/elfinder (Composer) Jun 16, 2021
thomas-chauchefoin-sonarsource
Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to... Critical Unreviewed
CVE-2020-12315 was published May 24, 2022
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an... Critical Unreviewed
CVE-2022-38418 was published Oct 15, 2022
Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of... Critical Unreviewed
CVE-2020-27160 was published May 24, 2022
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated... Critical Unreviewed
CVE-2020-26837 was published May 24, 2022
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it... Critical Unreviewed
CVE-2020-29600 was published May 24, 2022
A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6.... Critical Unreviewed
CVE-2018-19945 was published May 24, 2022
A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an... Critical Unreviewed
CVE-2020-13450 was published May 24, 2022
Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote... Critical Unreviewed
CVE-2020-28187 was published May 24, 2022
Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to... Critical Unreviewed
CVE-2020-36052 was published May 24, 2022
Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered... Critical Unreviewed
CVE-2022-28814 was published Sep 29, 2022
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions... Critical Unreviewed
CVE-2020-8271 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database