Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

112 advisories

Loading
BuildKit vulnerable to possible host system access from mount stub cleaner Critical
CVE-2024-23652 was published for github.com/moby/buildkit (Go) Jan 31, 2024
rmcnamara-snyk
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature Critical
CVE-2024-23827 was published for github.com/0xJacky/Nginx-UI (Go) Jan 29, 2024
Elleuch-x1 0xJacky
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE Critical
CVE-2024-23897 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 24, 2024
sunSUNQ
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients Critical
CVE-2023-49569 was published for github.com/go-git/go-git/v5 (Go) Jan 10, 2024
bdilalu
Path traversal in MLflow Critical
CVE-2023-6831 was published for mlflow (pip) Dec 15, 2023
PHPMemcachedAdmin Path Traversal vulnerability Critical
CVE-2023-6026 was published for elijaa/phpmemcacheadmin (Composer) Nov 30, 2023
Ray Path Traversal vulnerability Critical
CVE-2023-6021 was published for ray (pip) Nov 16, 2023
cpropps-sysdig
MLflow allowed arbitrary files to be PUT onto the server Critical
CVE-2023-6015 was published for mlflow (pip) Nov 16, 2023
org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter Critical
CVE-2023-37913 was published for org.xwiki.platform:xwiki-platform-office-importer (Maven) Oct 25, 2023
Yamcs API Directory Traversal vulnerability Critical
CVE-2023-45278 was published for org.yamcs:yamcs (Maven) Oct 19, 2023
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter Critical
CVE-2015-5467 was published for yiisoft/yii2 (Composer) Sep 21, 2023
NATS nats-server allows directory traversal via unintended path to a management action Critical
CVE-2022-28357 was published for github.com/nats-io/nats-server (Go) Sep 19, 2023
Path traversal and code execution via prototype vulnerability Critical
CVE-2023-26045 was published for nodebb (npm) Jul 25, 2023
starinfar
Path Traversal in Apache Shiro Critical
CVE-2023-34478 was published for org.apache.shiro:shiro-web (Maven) Jul 24, 2023
Apache StreamPark Path Traversal vulnerability Critical
CVE-2022-45802 was published for org.apache.streampark:streampark-common_2.11 (Maven) Jul 6, 2023
Apache Linkis Zip Slip issue Critical
CVE-2023-27603 was published for org.apache.linkis:linkis (Maven) Jul 6, 2023
php-imap vulnerable to RCE through a directory traversal vulnerability Critical
CVE-2023-35169 was published for webklex/laravel-imap (Composer) Jun 21, 2023
angelej
sjqzhang go-fastdfs vulnerable to path traversal Critical
CVE-2023-1800 was published for github.com/sjqzhang/go-fastdfs (Go) Apr 2, 2023
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs Critical
CVE-2023-1177 was published for mlflow (pip) Mar 24, 2023
Arbitrary file deletion in ureport Critical
CVE-2023-24188 was published for com.bstek.ureport:ureport2-core (Maven) Feb 13, 2023
MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core` Critical
CVE-2023-24057 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Jan 23, 2023
JLLeitschuh
webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL Critical
CVE-2022-45299 was published for webbrowser (Rust) Jan 13, 2023
tdunlap607
Cloud Foundry Archiver vulnerable to path traversal Critical
CVE-2018-25046 was published for code.cloudfoundry.org/archiver (Go) Dec 28, 2022
go-unzip vulnerable to Path Traversal Critical
CVE-2020-36560 was published for github.com/artdarek/go-unzip (Go) Dec 28, 2022
tar-utils Path Traversal vulnerability Critical
CVE-2020-36566 was published for github.com/whyrusleeping/tar-utils (Go) Dec 28, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database