GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,051
Erlang: 29
GitHub Actions: 19
Go: 1,887
Maven: 5,000+
npm: 3,602
NuGet: 638
pip: 3,205
Pub: 10
RubyGems: 852
Rust: 816
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
5,970 advisories

A path traversal vulnerability has been reported to affect several QNAP operating system versions...
Moderate | Unreviewed | CVE-2024-21904 was published Sep 6, 2024

A path traversal vulnerability has been reported to affect several QNAP operating system versions...
High | Unreviewed | CVE-2023-51366 was published Sep 6, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical | Unreviewed | CVE-2024-6445 was published Sep 6, 2024

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is...
High | Unreviewed | CVE-2024-45175 was published Sep 5, 2024

Path traversal vulnerability in stripe-cli
High | CVE-2024-45401 was published for github.com/stripe/stripe-cli (Go) Sep 5, 2024

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user...
High | Unreviewed | CVE-2024-45178 was published Sep 5, 2024

IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the...
Moderate | Unreviewed | CVE-2024-45074 was published Sep 4, 2024

A vulnerability classified as problematic was found in ABCD ABCD2 up to 2.2.0-beta-1. This...
Moderate | Unreviewed | CVE-2024-8410 was published Sep 4, 2024

A vulnerability classified as problematic has been found in ABCD ABCD2 up to 2.2.0-beta-1. This...
Moderate | Unreviewed | CVE-2024-8409 was published Sep 4, 2024

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory...
High | Unreviewed | CVE-2024-8104 was published Sep 4, 2024

Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access...
Moderate | Unreviewed | CVE-2024-34653 was published Sep 4, 2024

Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute...
High | Unreviewed | CVE-2024-34656 was published Sep 4, 2024

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for...
Critical | Unreviewed | CVE-2024-7950 was published Sep 4, 2024

Directory traversal vulnerability in the cust module Impact: Successful exploitation of this...
Moderate | Unreviewed | CVE-2024-45443 was published Sep 4, 2024

@actions/download-artifact has an Arbitrary File Write via artifact extraction
High | GHSA-cxww-7g56-2vh6 was published for actions/download-artifact (GitHub Actions) Sep 3, 2024

@actions/artifact has an Arbitrary File Write via artifact extraction
High | CVE-2024-42471 was published for @actions/artifact (npm) Sep 3, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Moderate | Unreviewed | CVE-2024-43957 was published Aug 29, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical | Unreviewed | CVE-2024-43955 was published Aug 29, 2024

A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this...
Moderate | Unreviewed | CVE-2024-8304 was published Aug 29, 2024

Ollama can extract members of a ZIP archive outside of the parent directory
High | CVE-2024-45436 was published for github.com/ollama/ollama (Go) Aug 29, 2024

An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory...
Critical | Unreviewed | CVE-2024-44761 was published Aug 28, 2024

In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a...
Moderate | Unreviewed | CVE-2024-7744 was published Aug 28, 2024

The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all...
Moderate | Unreviewed | CVE-2024-6312 was published Aug 28, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Moderate | Unreviewed | CVE-2024-4556 was published Aug 28, 2024

The product allows user input to control or influence paths or file names that are used in...
Critical | Unreviewed | CVE-2024-3980 was published Aug 27, 2024

ProTip! Advisories are also available from the GraphQL API.