GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
606 advisories
Parameter verification vulnerability in the installd module. Successful exploitation of this...
Critical
Unreviewed
CVE-2023-39401
was published
Aug 13, 2023
Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog...
Critical
Unreviewed
CVE-2020-27514
was published
Aug 11, 2023
Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user...
Critical
Unreviewed
CVE-2023-36534
was published
Aug 8, 2023
PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables...
Critical
Unreviewed
CVE-2023-39143
was published
Aug 4, 2023
A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files...
Critical
Unreviewed
CVE-2023-38951
was published
Aug 4, 2023
A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing...
Critical
Unreviewed
CVE-2023-33369
was published
Aug 3, 2023
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path...
Critical
Unreviewed
CVE-2022-46898
was published
Jul 25, 2023
The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs...
Critical
Unreviewed
CVE-2023-26564
was published
Jul 12, 2023
The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory...
Critical
Unreviewed
CVE-2023-26563
was published
Jul 12, 2023
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s...
Critical
Unreviewed
CVE-2022-3184
was published
Jul 6, 2023
Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s...
Critical
Unreviewed
CVE-2022-22128
was published
Jul 6, 2023
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the...
Critical
Unreviewed
CVE-2023-34598
was published
Jun 29, 2023
Directory traversal vulnerability in Snow Monkey Forms versions v5.1.0 and earlier allows a...
Critical
Unreviewed
CVE-2023-32623
was published
Jun 28, 2023
Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to...
Critical
Unreviewed
CVE-2020-19902
was published
Jun 27, 2023
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow...
Critical
Unreviewed
CVE-2023-32557
was published
Jun 27, 2023
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2...
Critical
Unreviewed
CVE-2023-30945
was published
Jun 27, 2023
A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8...
Critical
Unreviewed
CVE-2023-32521
was published
Jun 27, 2023
Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE...
Critical
Unreviewed
CVE-2023-34939
was published
Jun 22, 2023
cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the...
Critical
Unreviewed
CVE-2023-34880
was published
Jun 15, 2023
Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename...
Critical
Unreviewed
CVE-2023-34865
was published
Jun 14, 2023
The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to...
Critical
Unreviewed
CVE-2023-2278
was published
Jun 13, 2023
AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download...
Critical
Unreviewed
CVE-2023-34342
was published
Jun 12, 2023
The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in...
Critical
Unreviewed
CVE-2020-36728
was published
Jun 7, 2023
In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in...
Critical
Unreviewed
CVE-2023-34409
was published
Jun 6, 2023
Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows...
Critical
Unreviewed
CVE-2023-29736
was published
Jun 1, 2023