GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,017
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
361 advisories
Filter by severity
Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability
Moderate
CVE-2024-54132
was published
for
github.com/cli/cli/v2
(Go)
Dec 4, 2024
Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability
Moderate
CVE-2024-54004
was published
for
aendter.jenkins.plugins:filesystem-list-parameter-plugin
(Maven)
Nov 27, 2024
libre-chat Path Traversal vulnerability
Moderate
CVE-2024-52787
was published
for
libre-chat
(pip)
Nov 25, 2024
Path traveral in Streamlit on windows
Moderate
CVE-2024-42474
was published
for
streamlit
(pip)
Aug 12, 2024
OpenStack Nova Directory traversal vulnerability
Moderate
CVE-2012-3360
was published
for
nova
(pip)
May 17, 2022
Buildah allows arbitrary directory mount
Moderate
CVE-2024-9675
was published
for
github.com/containers/buildah
(Go)
Oct 9, 2024
Statamic CMS has a Path Traversal in Asset Upload
Moderate
CVE-2024-52600
was published
for
statamic/cms
(Composer)
Nov 19, 2024
GitPython blind local file inclusion
Moderate
CVE-2023-41040
was published
for
GitPython
(pip)
Aug 30, 2023
UBI Reader vulnerable to Path Traversal
Moderate
CVE-2022-4572
was published
for
ubi-reader
(pip)
Dec 17, 2022
FitNesse Path Traversal
Moderate
CVE-2024-42499
was published
for
org.fitnesse:fitnesse
(Maven)
Nov 15, 2024
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle
Moderate
CVE-2024-43373
was published
for
webcrack
(npm)
Aug 14, 2024
Owncast Path Traversal vulnerability
Moderate
CVE-2024-31450
was published
for
github.com/owncast/owncast
(Go)
Aug 5, 2024
JSZip contains Path Traversal via loadAsync
Moderate
CVE-2022-48285
was published
for
jszip
(npm)
Jan 29, 2023
matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
Moderate
CVE-2024-50336
was published
for
matrix-js-sdk
(npm)
Nov 12, 2024
Moodle LFI vulnerability when restoring malformed block backups
Moderate
CVE-2024-43440
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Gradio vulnerable to arbitrary file read with File and UploadButton components
Moderate
CVE-2024-51751
was published
for
gradio
(pip)
Nov 6, 2024
mapshaper Path Traversal vulnerability
Moderate
CVE-2024-1163
was published
for
mapshaper
(npm)
Feb 13, 2024
changedetection.io Path Traversal
Moderate
CVE-2024-51483
was published
for
changedetection.io
(pip)
Nov 1, 2024
Langchain Path Traversal vulnerability
Moderate
CVE-2024-7774
was published
for
langchain
(npm)
Oct 29, 2024
Jenkins HTML Publisher Plugin Path traversal vulnerability
Moderate
CVE-2024-28151
was published
for
org.jenkins-ci.plugins:htmlpublisher
(Maven)
Mar 6, 2024
MPXJ has a Potential Path Traversal Vulnerability
Moderate
CVE-2024-49771
was published
for
MPXJ.Net
(RubyGems)
Oct 28, 2024
Starlette has Path Traversal vulnerability in StaticFiles
Moderate
CVE-2023-29159
was published
for
starlette
(pip)
May 17, 2023
S3Scanner allows Directory Traversal
Moderate
CVE-2021-32061
was published
for
s3scanner
(pip)
Nov 30, 2021
ProTip!
Advisories are also available from the
GraphQL API