GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
111 advisories
Filter by severity
An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an...
Moderate
Unreviewed
CVE-2023-2913
was published
Jul 18, 2023
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially...
High
Unreviewed
CVE-2023-34394
was published
Jul 20, 2023
Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version...
High
Unreviewed
CVE-2023-3512
was published
Oct 4, 2023
Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By...
High
Unreviewed
CVE-2023-3701
was published
Oct 4, 2023
mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation...
Critical
Unreviewed
CVE-2024-3025
was published
Apr 10, 2024
NiceGUI allows potential access to local file system
High
CVE-2024-32005
was published
for
nicegui
(pip)
Apr 12, 2024
mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing...
High
Unreviewed
CVE-2024-0549
was published
Apr 16, 2024
Windows Hyper-V Remote Code Execution Vulnerability
High
Unreviewed
CVE-2024-30010
was published
May 14, 2024
Oceanic allows unsanitized user input to lead to path traversal in URLs
Moderate
CVE-2024-34712
was published
for
oceanic.js
(npm)
May 14, 2024
A specially crafted Zip file containing path traversal characters can be
imported to the ...
High
Unreviewed
CVE-2024-33615
was published
May 15, 2024
Buildah (as part of Podman) vulnerable to Path Traversal
Low
CVE-2022-4123
was published
for
github.com/containers/podman/v4
(Go)
Dec 8, 2022
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker
to access...
High
Unreviewed
CVE-2023-3940
was published
May 21, 2024
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker
to write...
Critical
Unreviewed
CVE-2023-3941
was published
May 21, 2024
ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only directory path traversal...
High
Unreviewed
CVE-2021-29101
was published
May 24, 2022
path traversal vulnerability was identified in the parisneo/lollms-webui
Moderate
CVE-2024-4330
was published
for
lollms
(pip)
Jun 2, 2024
If exploited an attacker could traverse the file system to access
files or directories that...
Unknown
Unreviewed
CVE-2024-2461
was published
Jun 11, 2024
Path traversal vulnerability in the web server of the Toshiba printer enables attacker to...
High
Unreviewed
CVE-2024-3497
was published
Jun 14, 2024
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC...
Moderate
Unreviewed
CVE-2024-37138
was published
Jun 26, 2024
Relative Path Traversal in GitHub repository stitionai/devika prior to -.
High
Unreviewed
CVE-2024-5547
was published
Jun 27, 2024
CHANGING Mobile One Time Password does not properly filter parameters for the file download...
Moderate
Unreviewed
CVE-2024-3122
was published
Jul 1, 2024
Relative Path Traversal in GitHub repository stitionai/devika prior to -.
High
Unreviewed
CVE-2024-6433
was published
Jul 10, 2024
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied...
High
Unreviewed
CVE-2024-2053
was published
Mar 21, 2024
gix traversal outside working tree enables arbitrary code execution
High
CVE-2024-35186
was published
for
gitoxide
(Rust)
May 22, 2024
registry-support: decompress can delete files outside scope via relative paths
High
CVE-2024-1485
was published
for
github.com/devfile/registry-support/registry-library
(Go)
Feb 14, 2024
ProTip!
Advisories are also available from the
GraphQL API