GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
6,273 advisories
Filter by severity
The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is...
Critical
Unreviewed
CVE-2024-10470
was published
Nov 9, 2024
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file...
Critical
Unreviewed
CVE-2024-10625
was published
Nov 9, 2024
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file...
High
Unreviewed
CVE-2024-10626
was published
Nov 9, 2024
changedetection.io path traversal using file URI scheme without supplying hostname
High
CVE-2024-51998
was published
for
changedetection.io
(pip)
Nov 7, 2024
jj vulnerable to path traversal via crafted Git repositories
Critical
CVE-2024-51990
was published
for
jj-lib
(Rust)
Nov 7, 2024
Moodle has CSRF risk in Feedback non-respondents report
High
CVE-2024-43434
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle LFI vulnerability when restoring malformed block backups
Moderate
CVE-2024-43440
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload...
Low
Unreviewed
CVE-2024-20528
was published
Nov 6, 2024
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and...
Moderate
Unreviewed
CVE-2024-20529
was published
Nov 6, 2024
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and...
Moderate
Unreviewed
CVE-2024-20532
was published
Nov 6, 2024
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and...
Moderate
Unreviewed
CVE-2024-20527
was published
Nov 6, 2024
Gradio vulnerable to arbitrary file read with File and UploadButton components
Moderate
CVE-2024-51751
was published
for
gradio
(pip)
Nov 6, 2024
An authenticated Path Traversal vulnerability exists in Instant AOS-8 and AOS-10. Successful...
Moderate
Unreviewed
CVE-2024-47464
was published
Nov 6, 2024
cap-std doesn't fully sandbox all the Windows device filenames
Low
CVE-2024-51756
was published
for
cap-async-std
(Rust)
Nov 5, 2024
In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an...
High
Unreviewed
CVE-2024-47253
was published
Nov 5, 2024
Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`)
High
GHSA-82j3-hf72-7x93
was published
for
com.reposilite:reposilite-backend
(Maven)
Nov 4, 2024
Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking allows PHP Local File...
High
Unreviewed
CVE-2024-51582
was published
Nov 4, 2024
changedetection.io Path Traversal
Moderate
CVE-2024-51483
was published
for
changedetection.io
(pip)
Nov 1, 2024
Path traversal in oak allows transfer of hidden files within the served root directory
High
CVE-2024-49770
was published
for
@oakserver/oak
(npm)
Nov 1, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High
Unreviewed
CVE-2024-37108
was published
Nov 1, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High
Unreviewed
CVE-2024-37423
was published
Nov 1, 2024
Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path...
Critical
Unreviewed
CVE-2024-39332
was published
Oct 31, 2024
An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on...
High
Unreviewed
CVE-2024-39722
was published
Oct 31, 2024
Hashicorp Consul Path Traversal vulnerability
High
CVE-2024-10005
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} in SAS...
High
Unreviewed
CVE-2024-48735
was published
Oct 30, 2024
ProTip!
Advisories are also available from the
GraphQL API