GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
Directory traversal attack in Spring Cloud Config
High
CVE-2020-5410
was published
for
org.springframework.cloud:spring-cloud-config-server
(Maven)
Jun 5, 2020
TZInfo relative path traversal vulnerability allows loading of arbitrary files
High
CVE-2022-31163
was published
for
tzinfo
(RubyGems)
Jul 21, 2022
Relative Path Traversal in git-delta
High
CVE-2021-36376
was published
for
git-delta
(Rust)
Aug 25, 2021
Cecil Path Traversal vulnerability
High
CVE-2023-4914
was published
for
cecil/cecil
(Composer)
Sep 12, 2023
Parse Server may crash when uploading file without extension
High
CVE-2023-46119
was published
for
parse-server
(npm)
Oct 24, 2023
Upload of file to arbitrary path in Apache Flink
High
CVE-2020-17518
was published
for
org.apache.flink:flink-runtime
(Maven)
Feb 9, 2022
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
High
CVE-2021-32803
was published
for
tar
(npm)
Aug 3, 2021
Unsecured endpoints in the jupyter-lsp server extension
High
CVE-2024-22415
was published
for
jupyter-lsp
(pip)
Jan 18, 2024
Relative Path Traversal (CWE-23) in chunked uploads in oneup/uploader-bundle
High
CVE-2020-5237
was published
for
oneup/uploader-bundle
(Composer)
Feb 18, 2020
NiceGUI allows potential access to local file system
High
CVE-2024-32005
was published
for
nicegui
(pip)
Apr 12, 2024
gix traversal outside working tree enables arbitrary code execution
High
CVE-2024-35186
was published
for
gitoxide
(Rust)
May 22, 2024
Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
High
CVE-2024-43399
was published
for
mobsf
(pip)
Aug 19, 2024
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
High
CVE-2021-27916
was published
for
mautic/core
(Composer)
Apr 12, 2024
Maliciously Crafted Model Archive Can Lead To Arbitrary File Write
High
CVE-2021-41127
was published
for
rasa
(pip)
Oct 22, 2021
@backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability
High
CVE-2024-45816
was published
for
@backstage/plugin-techdocs-backend
(npm)
Sep 17, 2024
ProTip!
Advisories are also available from the
GraphQL API