GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,963
Erlang: 39
GitHub Actions: 38
Go: 2,615
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,036
Pub: 12
RubyGems: 953
Rust: 1,049
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
7,319 advisories
This external control of file name or path vulnerability allows remote attackers to access or...
High | Unreviewed | CVE-2019-7194 was published May 24, 2022

A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023...
Moderate | Unreviewed | CVE-2023-41266 was published Aug 30, 2023

An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') ...
High | Unreviewed | CVE-2022-41328 was published Mar 7, 2023

The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO...
Moderate | Unreviewed | CVE-2018-18809 was published May 13, 2022

In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when...
High | Unreviewed | CVE-2018-20250 was published May 13, 2022

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed...
Critical | Unreviewed | CVE-2019-3396 was published May 13, 2022

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow...
High | Unreviewed | CVE-2018-0296 was published May 13, 2022

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload...
Critical | Unreviewed | CVE-2022-41352 was published Sep 27, 2022

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP...
Critical | Unreviewed | CVE-2022-37042 was published Aug 13, 2022

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can...
Critical | Unreviewed | CVE-2022-26352 was published Jul 18, 2022

Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022...
High | Unreviewed | CVE-2022-21999 was published Feb 10, 2022

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker...
High | Unreviewed | CVE-2021-41773 was published May 24, 2022

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An...
Critical | Unreviewed | CVE-2021-42013 was published May 24, 2022

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A...
Critical | Unreviewed | CVE-2021-22005 was published May 24, 2022

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download...
High | Unreviewed | CVE-2021-20124 was published May 24, 2022

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download...
High | Unreviewed | CVE-2021-20123 was published May 24, 2022

Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote...
High | Unreviewed | CVE-2016-3976 was published Apr 30, 2022

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0...
High | Unreviewed | CVE-2015-3035 was published May 14, 2022

Microsoft Exchange Server Security Feature Bypass Vulnerability
High | Unreviewed | CVE-2021-31207 was published May 24, 2022

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021...
High | Unreviewed | CVE-2021-27065 was published May 24, 2022

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server...
Critical | Unreviewed | CVE-2021-21972 was published May 24, 2022

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion...
High | Unreviewed | CVE-2020-14864 was published May 24, 2022

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software...
Moderate | Unreviewed | CVE-2020-3452 was published May 24, 2022

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote...
Moderate | Unreviewed | CVE-2020-4430 was published May 24, 2022

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN),...
Moderate | Unreviewed | CVE-2020-1631 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.