GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
606 advisories
EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond...
Critical | Unreviewed | CVE-2023-2909 was published May 31, 2023
Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with...
Critical | Unreviewed | CVE-2022-47526 was published May 31, 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code...
Critical | Unreviewed | CVE-2022-24629 was published May 29, 2023
Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote...
Critical | Unreviewed | CVE-2023-28408 was published May 23, 2023
Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a...
Critical | Unreviewed | CVE-2023-28413 was published May 23, 2023
MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the...
Critical | Unreviewed | CVE-2023-27507 was published May 23, 2023
WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control.
Critical | Unreviewed | CVE-2020-20012 was published May 23, 2023
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that...
Critical | Unreviewed | CVE-2022-36327 was published May 18, 2023
CLTPHP <=6.0 is vulnerable to Improper Input Validation.
Critical | Unreviewed | CVE-2023-30268 was published May 4, 2023
A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with...
Critical | Unreviewed | CVE-2023-27105 was published Apr 25, 2023
Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized apps to overwrite arbitrary...
Critical | Unreviewed | CVE-2022-47027 was published Apr 14, 2023
Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277...
Critical | Unreviewed | CVE-2023-27648 was published Apr 14, 2023
bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the...
Critical | Unreviewed | CVE-2023-27812 was published Apr 13, 2023
The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page...
Critical | Unreviewed | CVE-2023-1478 was published Apr 10, 2023
BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing...
Critical | Unreviewed | CVE-2023-29478 was published Apr 7, 2023
Directory Traversal vulnerability found in B3log Wide allows an attacker to escalate privileges...
Critical | Unreviewed | CVE-2020-19279 was published Apr 4, 2023
This vulnerability allows remote attackers to delete arbitrary files on affected installations of...
Critical | Unreviewed | CVE-2022-2560 was published Mar 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Critical | Unreviewed | CVE-2022-36981 was published Mar 29, 2023
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL...
Critical | Unreviewed | CVE-2023-1142 was published Mar 27, 2023
An issue in the component /network_config/nsg_masq.cgi of DCN (Digital China Networks) DCBI...
Critical | Unreviewed | CVE-2023-26802 was published Mar 26, 2023
A path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer...
Critical | Unreviewed | CVE-2023-27855 was published Mar 22, 2023
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk...
Critical | Unreviewed | CVE-2023-1467 was published Mar 17, 2023
In Stellarium through 1.2, attackers can write to files that are typically unintended, such as...
Critical | Unreviewed | CVE-2023-28371 was published Mar 15, 2023
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740,...
Critical | Unreviewed | CVE-2023-27269 was published Mar 14, 2023
SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752,...
Critical | Unreviewed | CVE-2023-27501 was published Mar 14, 2023
ProTip! Advisories are also available from the GraphQL API.