GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
371 advisories
Arbitrary file read using percent-encoded relative paths in FileMiddleware
Moderate · CVE-2020-15230 was published for github.com/vapor/vapor (Swift) · Jun 9, 2023

hawtio vulnerable to Path Traversal
Moderate · CVE-2023-33544 was published for io.hawt:project (Maven) · Jun 1, 2023

Starlette has Path Traversal vulnerability in StaticFiles
Moderate · CVE-2023-29159 was published for starlette (pip) · May 17, 2023

Jenkins Code Dx Plugin missing permission checks
Moderate · CVE-2023-2196 was published for org.jenkins-ci.plugins:codedx (Maven) · May 16, 2023

Jenkins Sidebar Link Plugin vulnerable to Path Traversal
Moderate · CVE-2023-32985 was published for org.jenkins-ci.plugins:sidebar-link (Maven) · May 16, 2023

n8n Directory Traversal vulnerability
Moderate · CVE-2023-27562 was published for n8n (npm) · May 10, 2023

Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php
Moderate · CVE-2023-30855 was published for pimcore/pimcore (Composer) · May 2, 2023

Arbitrary File Read in Admin JS CSS files
Moderate · CVE-2023-30852 was published for pimcore/pimcore (Composer) · Apr 27, 2023

Path Traversal in Asset "import from server" option
Moderate · CVE-2023-2336 was published for pimcore/pimcore (Composer) · Apr 27, 2023

pretalx allows path traversal in HTML export
Moderate · CVE-2023-28458 was published for pretalx (pip) · Apr 20, 2023

Path traversal vulnerability in gatsby-plugin-sharp
Moderate · CVE-2023-30548 was published for gatsby-plugin-sharp (npm) · Apr 20, 2023

Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location
Moderate · CVE-2022-23522 was published for mindsdb (pip) · Mar 30, 2023

pgAdmin 4 vulnerable to directory traversal
Moderate · CVE-2023-0241 was published for pgadmin4 (pip) · Mar 27, 2023

tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate · CVE-2022-3101 was published for tripleo-ansible (pip) · Mar 23, 2023

tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate · CVE-2022-3146 was published for tripleo-ansible (pip) · Mar 23, 2023

Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files
Moderate · CVE-2023-27577 was published for flarum/core (Composer) · Mar 13, 2023

Kubernetes vulnerable to path traversal
Moderate · CVE-2022-3162 was published for github.com/kubernetes/kubernetes (Go) · Mar 1, 2023

Path traversal vulnerability in glance
Moderate · CVE-2022-25937 was published for glance (npm) · Feb 13, 2023

StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route
Moderate · CVE-2023-24815 was published for io.vertx:vertx-web (Maven) · Feb 10, 2023

Openshift Enterprise source-to-image vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip)
Moderate · CVE-2018-1103 was published for github.com/openshift/source-to-image (Go) · Feb 6, 2023

JSZip contains Path Traversal via loadAsync
Moderate · CVE-2022-48285 was published for jszip (npm) · Jan 29, 2023

Path Traversal In Eclipse GlassFish
Moderate · CVE-2022-2712 was published for org.glassfish.main.web:web (Maven) · Jan 27, 2023

OpenStack Cinder, glance, and Nova vulnerable to Path Traversal
Moderate · CVE-2022-47951 was published for cinder (pip) · Jan 27, 2023

Path traversal vulnerability in Jenkins PWauth Security Realm Plugin
Moderate · CVE-2023-24449 was published for org.jvnet.hudson.plugins:pwauth (Maven) · Jan 26, 2023

ProTip! Advisories are also available from the GraphQL API