Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

6,014 advisories

Loading
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet... Moderate Unreviewed
CVE-2024-21753 was published Sep 10, 2024
phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component ... High Unreviewed
CVE-2024-44867 was published Sep 10, 2024
Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7... High Unreviewed
CVE-2024-37728 was published Sep 10, 2024
nix 2.24 through 2.24.5 allows directory traversal via a symlink in a nar file, because of... High Unreviewed
CVE-2024-45845 was published Sep 10, 2024
SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe... High Unreviewed
CVE-2024-44720 was published Sep 9, 2024
Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file... Moderate Unreviewed
CVE-2024-8585 was published Sep 9, 2024
A path traversal vulnerability allows an attacker with a low-privileged account and local access... High Unreviewed
CVE-2024-40712 was published Sep 7, 2024
A vulnerability has been discovered in Node.js version 20, specifically within the experimental... High Unreviewed
CVE-2023-30584 was published Sep 7, 2024
A path traversal vulnerability has been reported to affect several QNAP operating system versions... Moderate Unreviewed
CVE-2024-21904 was published Sep 6, 2024
A path traversal vulnerability has been reported to affect several QNAP operating system versions... High Unreviewed
CVE-2023-51366 was published Sep 6, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2024-6445 was published Sep 6, 2024
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is... High Unreviewed
CVE-2024-45175 was published Sep 5, 2024
Path traversal vulnerability in stripe-cli High
CVE-2024-45401 was published for github.com/stripe/stripe-cli (Go) Sep 5, 2024
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user... High Unreviewed
CVE-2024-45178 was published Sep 5, 2024
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the... Moderate Unreviewed
CVE-2024-45074 was published Sep 4, 2024
A vulnerability classified as problematic has been found in ABCD ABCD2 up to 2.2.0-beta-1. This... Moderate Unreviewed
CVE-2024-8409 was published Sep 4, 2024
A vulnerability classified as problematic was found in ABCD ABCD2 up to 2.2.0-beta-1. This... Moderate Unreviewed
CVE-2024-8410 was published Sep 4, 2024
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory... High Unreviewed
CVE-2024-8104 was published Sep 4, 2024
Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access... Moderate Unreviewed
CVE-2024-34653 was published Sep 4, 2024
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute... High Unreviewed
CVE-2024-34656 was published Sep 4, 2024
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for... Critical Unreviewed
CVE-2024-7950 was published Sep 4, 2024
Directory traversal vulnerability in the cust module Impact: Successful exploitation of this... Moderate Unreviewed
CVE-2024-45443 was published Sep 4, 2024
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`) High
CVE-2024-45388 was published for github.com/spectolabs/hoverfly (Go) Sep 3, 2024
pwntester
@actions/download-artifact has an Arbitrary File Write via artifact extraction High
GHSA-cxww-7g56-2vh6 was published for actions/download-artifact (GitHub Actions) Sep 3, 2024
holmanb
@actions/artifact has an Arbitrary File Write via artifact extraction High
CVE-2024-42471 was published for @actions/artifact (npm) Sep 3, 2024
JLHwung
ProTip! Advisories are also available from the GraphQL API