GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
118 advisories
Kraken has arbitrary file read vulnerability via component testfs
High • CVE-2022-47747 was published for github.com/uber/kraken (Go) • Jan 20, 2023

act vulnerable to arbitrary file upload in artifact server
High • CVE-2023-22726 was published for github.com/nektos/act (Go) • Jan 20, 2023

Velociraptor subject to Path Traversal
Moderate • CVE-2023-0290 was published for www.velocidex.com/golang/velociraptor (Go) • Jan 19, 2023

pastebinit Path Traversal vulnerability
Moderate • CVE-2018-25059 was published for github.com/jessfraz/pastebinit (Go) • Dec 30, 2022

Yapscan's report receiver server vulnerable to path traversal and log injection
High • GHSA-9h6h-9g78-86f7 was published for github.com/fkie-cad/yapscan (Go) • Dec 29, 2022

Goa vulnerable to path traversal
High • CVE-2019-25073 was published for github.com/goadesign/goa (Go) • Dec 28, 2022

Cloud Foundry Archiver vulnerable to path traversal
Critical • CVE-2018-25046 was published for code.cloudfoundry.org/archiver (Go) • Dec 28, 2022

ahh vulnerable to Path Traversal
High • CVE-2020-36559 was published for aahframe.work (Go) • Dec 28, 2022

go-unzip vulnerable to Path Traversal
Critical • CVE-2020-36560 was published for github.com/artdarek/go-unzip (Go) • Dec 28, 2022

Unzip vulnerable to path traversal
Critical • CVE-2020-36561 was published for github.com/yi-ge/unzip (Go) • Dec 28, 2022

tar-utils Path Traversal vulnerability
Critical • CVE-2020-36566 was published for github.com/whyrusleeping/tar-utils (Go) • Dec 28, 2022

Alist vulnerable to Path Traversal
Critical • CVE-2022-45969 was published for github.com/alist-org/alist/v3 (Go) • Dec 16, 2022

Echo vulnerable to directory traversal
Moderate • CVE-2020-36565 was published for github.com/labstack/echo/v4 (Go) • Dec 7, 2022

Casdoor arbitrary file deletion vulnerability via uploadFile function
High • CVE-2022-44942 was published for github.com/casdoor/casdoor (Go) • Dec 7, 2022

Lancet vulnerable to path traversal when unzipping files
High • CVE-2022-41920 was published for github.com/duke-git/lancet (Go) • Nov 21, 2022

Gin-vue-admin subject to Remote Code Execution via file upload vulnerability
Critical • CVE-2022-39345 was published for github.com/flipped-aurora/gin-vue-admin/server (Go) • Oct 25, 2022

Hertz contains path traversal via normalizePath function
High • CVE-2022-40082 was published for github.com/cloudwego/hertz (Go) • Sep 29, 2022

Casdoor arbitrary file write vulnerability
Critical • CVE-2022-38638 was published for github.com/casdoor/casdoor (Go) • Sep 10, 2022

Flux CLI Workload Injection
High • CVE-2022-36035 was published for github.com/fluxcd/flux2 (Go) • Sep 1, 2022

Duplicate Advisory: KubeVirt arbitrary host file read from the VM
Moderate • CVE-2022-1798 was published for kubevirt.io/kubevirt (Go) • Aug 18, 2022 • withdrawn

Path Traversal in Beego
Critical • CVE-2022-31836 was published for github.com/beego/beego (Go) • Jul 6, 2022

Path traversal mitigation bypass in OctoRPKI
High • GHSA-3jhm-87m6-x959 was published for github.com/cloudflare/cfrpki (Go) • Jun 25, 2022

Insecure path traversal in Git Trigger Source can lead to arbitrary file read
High • CVE-2022-25856 was published for github.com/argoproj/argo-events (Go) • Jun 17, 2022

Path Traversal in Git HTTP endpoints in Gogs
High • CVE-2022-1993 was published for gogs.io/gogs (Go) • Jun 8, 2022

Path Traversal in file editor on Windows in Gogs
Critical • CVE-2022-1992 was published for gogs.io/gogs (Go) • Jun 8, 2022