Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

552 advisories

Loading
Path traversal in MLflow High
CVE-2023-6753 was published for mlflow (pip) Dec 13, 2023
Directory Traversal in JFinalCMS High
CVE-2023-50449 was published for com.jfinal:jfinal (Maven) Dec 10, 2023
Directory Traversal in evershop High
CVE-2023-46496 was published for @evershop/evershop (npm) Dec 8, 2023
Mattermost Injection vulnerability High
CVE-2023-6458 was published for github.com/mattermost/mattermost-server/v6 (Go) Dec 6, 2023
Apache Tiles: Unvalidated input may lead to path traversal and XXE High
CVE-2023-49735 was published for org.apache.tiles:tiles-core (Maven) Dec 1, 2023
ureport arbitrary file read vulnerability High
CVE-2023-48848 was published for com.bstek.ureport:ureport2-core (Maven) Nov 28, 2023
OroPlatform vulnerable to path traversal during temporary file manipulations High
CVE-2022-41951 was published for oro/platform (Composer) Nov 27, 2023
Download to arbitrary folder can lead to RCE High
CVE-2023-47890 was published for pyload-ng (pip) Nov 21, 2023
vergl4s
Zip slip in mleap High
CVE-2023-5245 was published for ml.combust.mleap:mleap-runtime_2.12 (Maven) Nov 15, 2023
In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack High
CVE-2023-34062 was published for io.projectreactor.netty:reactor-netty-http (Maven) Nov 15, 2023
mpihelgas
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion High
CVE-2023-46654 was published for org.jenkins-ci.plugins:electricflow (Maven) Oct 25, 2023
Parse Server may crash when uploading file without extension High
CVE-2023-46119 was published for parse-server (npm) Oct 24, 2023
chriscborg mtrezza
Yamcs Path Traversal vulnerability High
CVE-2023-45277 was published for org.yamcs:yamcs (Maven) Oct 19, 2023
Artifact Hub arbitrary file read vulnerability High
CVE-2023-45823 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
dejanzelic
Arduino Create Agent path traversal - local privilege escalation vulnerability High
CVE-2023-43802 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84
static-server Path Traversal vulnerability High
CVE-2023-26152 was published for static-server (npm) Oct 3, 2023
OpenCart Path Traversal vulnerability High
CVE-2023-2315 was published for opencart/opencart (Composer) Sep 27, 2023
plexus-codehaus vulnerable to directory traversal High
CVE-2022-4244 was published for org.codehaus.plexus:plexus-utils (Maven) Sep 25, 2023
Cecil Path Traversal vulnerability High
CVE-2023-4914 was published for cecil/cecil (Composer) Sep 12, 2023
Jeecg boot arbitrary file read vulnerability High
CVE-2023-41578 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Sep 8, 2023
Path traversal in Archive High
CVE-2023-39139 was published for archive (Pub) Aug 31, 2023
kj415j45 jonasfj
Path traversal in ZIPFoundation High
CVE-2023-39138 was published for github.com/weichsel/ZIPFoundation (Swift) Aug 31, 2023
weichsel
Path traversal in Zip Swift High
CVE-2023-39135 was published for github.com/marmelroy/Zip (Swift) Aug 31, 2023
pf4j vulnerable to remote code execution via the zippluginPath parameter High
CVE-2023-40826 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
pf4j vulnerable to remote code execution via expandIfZip method in the extract function High
CVE-2023-40828 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database