GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
47 advisories
Filter by severity
Path Traversal in LibreNMS
High
CVE-2019-12464
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
Relative Path Traversal (CWE-23) in chunked uploads in oneup/uploader-bundle
High
CVE-2020-5237
was published
for
oneup/uploader-bundle
(Composer)
Feb 18, 2020
Local File Inclusion by unauthenticated users
High
CVE-2020-15246
was published
for
october/cms
(Composer)
Nov 23, 2020
Path traversal in pimcore/pimcore
High
CVE-2021-23340
was published
for
pimcore/pimcore
(Composer)
Feb 25, 2021
Broken Access Control in Form Framework
High
CVE-2021-21357
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Directory Traversal in Archive_Tar
High
CVE-2020-36193
was published
for
pear/archive_tar
(Composer)
Apr 22, 2021
Potential Zip Slip Vulnerability in baserCMS
High
CVE-2021-41279
was published
for
baserproject/basercms
(Composer)
Dec 1, 2021
PHP file inclusion in the Sulu admin panel
High
CVE-2021-43836
was published
for
sulu/sulu
(Composer)
Dec 15, 2021
Zip slip in Microweber
High
CVE-2020-28337
was published
for
microweber/microweber
(Composer)
Feb 10, 2022
Path Traversal in ImpressCMS
High
CVE-2021-26601
was published
for
impresscms/impresscms
(Composer)
Mar 29, 2022
Path Traversal within joomla/archive tar class
High
CVE-2022-23793
was published
for
joomla/archive
(Composer)
Mar 31, 2022
Smarty Path Traversal Vulnerability
High
CVE-2018-13982
was published
for
smarty/smarty
(Composer)
May 13, 2022
Contao Core directory traversal vulnerability
High
CVE-2017-10993
was published
for
contao/contao
(Composer)
May 13, 2022
Symfony Directory Traversal
High
CVE-2017-16654
was published
for
symfony/intl
(Composer)
May 14, 2022
OpenCart Path Traversal
High
CVE-2018-11494
was published
for
opencart/opencart
(Composer)
May 14, 2022
Magento 2 Community Edition Path Traversal Vulnerability
High
CVE-2019-7859
was published
for
magento/community-edition
(Composer)
May 24, 2022
TeamPass PHP arbitrary file include vulnerability
High
CVE-2020-12479
was published
for
nilsteampassnet/teampass
(Composer)
May 24, 2022
EC-CUBE Directory traversal vulnerability
High
CVE-2020-5590
was published
for
ec-cube/ec-cube
(Composer)
May 24, 2022
ThinkAdmin directory traversal vulnerability
High
CVE-2020-25540
was published
for
zoujingli/thinkadmin
(Composer)
May 24, 2022
Grav CMS Arbitrary File Deletion
High
CVE-2020-29555
was published
for
getgrav/grav
(Composer)
May 24, 2022
Magento Path Traversal vulnerability
High
CVE-2022-34254
was published
for
magento/community-edition
(Composer)
Aug 17, 2022
ICEcoder vulnerable to Path Traversal
High
CVE-2022-34026
was published
for
icecoder/icecoder
(Composer)
Sep 23, 2022
Twig may load a template outside a configured directory when using the filesystem loader
High
CVE-2022-39261
was published
for
twig/twig
(Composer)
Sep 30, 2022
ProTip!
Advisories are also available from the
GraphQL API