Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

6,011 advisories

Loading
A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows... High Unreviewed
CVE-2024-6255 was published Jul 31, 2024
Cybonet - CWE-22: Improper Limitation of a Pathname to a Restricted Directory High Unreviewed
CVE-2024-41695 was published Jul 30, 2024
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma... Moderate Unreviewed
CVE-2024-27887 was published Jul 30, 2024
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma... Moderate Unreviewed
CVE-2024-27871 was published Jul 30, 2024
Comodo Internet Security Pro Directory Traversal Local Privilege Escalation Vulnerability. This... High Unreviewed
CVE-2024-7248 was published Jul 30, 2024
tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users High
CVE-2024-41799 was published for Tgstation.Server.Api (NuGet) Jul 29, 2024
SandPoot Cyberboss
Path traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this... High Unreviewed
CVE-2024-41726 was published Jul 29, 2024
Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0... High Unreviewed
CVE-2024-41628 was published Jul 26, 2024
SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files. Moderate Unreviewed
CVE-2024-42007 was published Jul 26, 2024
ICEcoder Path Traversal vulnerability Moderate
CVE-2024-41373 was published for icecoder/icecoder (Composer) Jul 26, 2024
Remote code execution in Spring Cloud Data Flow Critical
CVE-2024-37084 was published for org.springframework.cloud:spring-cloud-skipper (Maven) Jul 25, 2024
A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been declared... Moderate Unreviewed
CVE-2024-7080 was published Jul 24, 2024
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is... Critical Unreviewed
CVE-2024-40422 was published Jul 24, 2024
The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles plugin for WordPress is... High Unreviewed
CVE-2024-6885 was published Jul 23, 2024
A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that... High Unreviewed
CVE-2024-6791 was published Jul 22, 2024
Directory Traversal vulnerability in Punkbuster pbsv.d64 2.351, allows remote attackers to... High Unreviewed
CVE-2020-24102 was published Jul 22, 2024
CLSA Directory Traversal vulnerability Critical
CVE-2024-28698 was published for Csla (NuGet) Jul 22, 2024
rockfordlhotka
IP Guard v4.81.0307.0 was discovered to contain an arbitrary file read vulnerability via the file... High Unreviewed
CVE-2024-40051 was published Jul 22, 2024
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a... Critical Unreviewed
CVE-2024-41704 was published Jul 22, 2024
A vulnerability classified as problematic was found in Gargaj wuhu up to... Moderate Unreviewed
CVE-2024-6949 was published Jul 21, 2024
An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers... High Unreviewed
CVE-2024-40348 was published Jul 20, 2024
The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in... Moderate Unreviewed
CVE-2024-3934 was published Jul 20, 2024
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable High
CVE-2024-41121 was published for go.woodpecker-ci.org/woodpecker (Go) Jul 19, 2024
TorchServe vulnerable to bypass of allowed_urls configuration Critical
CVE-2024-35198 was published for torchserve (pip) Jul 18, 2024
The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the... Critical Unreviewed
CVE-2024-6164 was published Jul 18, 2024
ProTip! Advisories are also available from the GraphQL API