Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

104 advisories

Loading
Path Traversal in LibreNMS High
CVE-2019-12464 was published for librenms/librenms (Composer) Oct 11, 2019
Relative Path Traversal (CWE-23) in chunked uploads in oneup/uploader-bundle High
CVE-2020-5237 was published for oneup/uploader-bundle (Composer) Feb 18, 2020
Local File Inclusion by unauthenticated users High
CVE-2020-15246 was published for october/cms (Composer) Nov 23, 2020
ka1n4t
Mautic users able to download any files from server using filemanager Moderate
CVE-2017-1000490 was published for mautic/core (Composer) Jan 19, 2021
Path traversal in bolt/core High
CVE-2021-27367 was published for bolt/core (Composer) Feb 18, 2021
Path traversal in pimcore/pimcore High
CVE-2021-23340 was published for pimcore/pimcore (Composer) Feb 25, 2021
Broken Access Control in Form Framework High
CVE-2021-21357 was published for typo3/cms (Composer) Mar 23, 2021
sushiwushi waldhacker1
Path Traversal within joomla/archive zip class Moderate
CVE-2021-26028 was published for joomla/archive (Composer) Mar 24, 2021
Directory Traversal in Archive_Tar High
CVE-2020-36193 was published for pear/archive_tar (Composer) Apr 22, 2021
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE Critical
CVE-2021-32682 was published for studio-42/elfinder (Composer) Jun 16, 2021
thomas-chauchefoin-sonarsource
Directory Traversal in typo3/phar-stream-wrapper Critical
CVE-2019-11831 was published for drupal/core (Composer) Sep 30, 2021
Path traversal in grav High
CVE-2021-3924 was published for getgrav/grav (Composer) Nov 10, 2021
Potential Zip Slip Vulnerability in baserCMS High
CVE-2021-41279 was published for baserproject/basercms (Composer) Dec 1, 2021
Path manipulation in matyhtf/framework Critical
CVE-2021-43676 was published for matyhtf/framework (Composer) Dec 4, 2021
Rudloff
Path traversal in librenms/librenms Critical
CVE-2021-44278 was published for librenms/librenms (Composer) Dec 10, 2021
PHP file inclusion in the Sulu admin panel High
CVE-2021-43836 was published for sulu/sulu (Composer) Dec 15, 2021
Path Traversal in the Logs plugin for Craft CMS Moderate
CVE-2022-23409 was published for ether/logs (Composer) Feb 1, 2022
Zip slip in Microweber High
CVE-2020-28337 was published for microweber/microweber (Composer) Feb 10, 2022
Path Traversal in S-Cart Moderate
CVE-2021-44111 was published for s-cart/s-cart (Composer) Feb 12, 2022
Path Traversal in ImpressCMS Critical
CVE-2022-24977 was published for impresscms/impresscms (Composer) Feb 15, 2022
Path traversal in pimcore Moderate
CVE-2022-0665 was published for pimcore/pimcore (Composer) Feb 23, 2022
Path Traversal in Studio-42 elFinder through 2.1.60 Critical
CVE-2022-26960 was published for studio-42/elfinder (Composer) Mar 22, 2022
Path Traversal in ImpressCMS High
CVE-2021-26601 was published for impresscms/impresscms (Composer) Mar 29, 2022
Path Traversal within joomla/archive tar class High
CVE-2022-23793 was published for joomla/archive (Composer) Mar 31, 2022
phpSysInfo allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence Moderate
CVE-2006-3360 was published for phpsysinfo/phpsysinfo (Composer) May 1, 2022
ProTip! Advisories are also available from the GraphQL API