GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,065 advisories

Terraform allows arbitrary file write during the `init` operation Moderate
CVE-2023-4782 was published for github.com/hashicorp/terraform (Go) Sep 8, 2023
Path traversal in Jenkins Job Configuration History Plugin Moderate
CVE-2023-41930 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Sep 6, 2023
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it Low
CVE-2023-41057 was published for hyper-bump-it (pip) Sep 4, 2023
plannigan
Path traversal in ZIPFoundation High
CVE-2023-39138 was published for github.com/weichsel/ZIPFoundation (Swift) Aug 31, 2023
weichsel
Path traversal in Zip Swift High
CVE-2023-39135 was published for github.com/marmelroy/Zip (Swift) Aug 31, 2023
Path traversal in Archive High
CVE-2023-39139 was published for archive (Pub) Aug 31, 2023
kj415j45 jonasfj
GitPython blind local file inclusion Moderate
CVE-2023-41040 was published for GitPython (pip) Aug 30, 2023
stsewd m3t3kh4n
EliahKagan
pf4j vulnerable to remote code execution via the zippluginPath parameter High
CVE-2023-40826 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
pf4j vulnerable to remote code execution via expandIfZip method in the extract function High
CVE-2023-40828 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
pf4j vulnerable to remote code execution via loadpluginPath parameter High
CVE-2023-40827 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
Pyramid static view path traversal up one directory Moderate
CVE-2023-40587 was published for pyramid (pip) Aug 25, 2023
webui-aria2 Path Traversal vulnerability High
CVE-2023-39141 was published for webui-aria2 (npm) Aug 22, 2023
JafarAkhondali
Ghost vulnerable to arbitrary file read via symlinks in content import Moderate
CVE-2023-40028 was published for ghost (npm) Aug 15, 2023
ixSly
zola Path Traversal vulnerability High
CVE-2023-40274 was published for zola (Rust) Aug 14, 2023
1Panel O&M management panel has a background arbitrary file reading vulnerability High
CVE-2023-39964 was published for github.com/1Panel-dev/1Panel (Go) Aug 10, 2023
darkfive2022
PrestaShop file access through path traversal Moderate
CVE-2023-39528 was published for prestashop/prestashop (Composer) Aug 9, 2023
PrestaShop path traversal Moderate
CVE-2023-39525 was published for prestashop/prestashop (Composer) Aug 9, 2023
Nuclei Path Traversal vulnerability High
CVE-2023-37896 was published for github.com/projectdiscovery/nuclei (Go) Aug 4, 2023
Cloudflare Wrangler directory traversal vulnerability Moderate
CVE-2023-3348 was published for wrangler (npm) Aug 3, 2023
Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction Moderate
CVE-2023-38708 was published for pimcore/pimcore (Composer) Aug 3, 2023
TobiSW
@simonsmith/cypress-image-snapshot has fix for insecure snapshot file names Moderate
CVE-2023-38695 was published for @simonsmith/cypress-image-snapshot (npm) Aug 1, 2023
thib3113 simonsmith
Arbitrary File Creation in AbstractUnArchiver High
CVE-2023-37460 was published for org.codehaus.plexus:plexus-archiver (Maven) Jul 25, 2023
uriyay-jfrog
Path traversal and code execution via prototype vulnerability Critical
CVE-2023-26045 was published for nodebb (npm) Jul 25, 2023
starinfar
Path Traversal in Apache Shiro Critical
CVE-2023-34478 was published for org.apache.shiro:shiro-web (Maven) Jul 24, 2023
OpenRefine vulnerable to zip slip in project import Moderate
CVE-2023-37476 was published for org.openrefine:main (Maven) Jul 18, 2023
stefan-schiller-sonarsource