GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
119 advisories
Filter by severity
Path traversal in github.com/ipfs/go-ipfs
High
CVE-2020-26279
was published
for
github.com/ipfs/go-ipfs
(Go)
Jun 23, 2021
Arbitrary File Write via Archive Extraction in mholt/archiver
Moderate
CVE-2018-1002207
was published
for
github.com/mholt/archiver
(Go)
Feb 15, 2022
Path traversal in u-root
High
CVE-2020-7665
was published
for
github.com/u-root/u-root
(Go)
May 18, 2021
Path Traversal in Gitea
Moderate
CVE-2021-29134
was published
for
code.gitea.io/gitea
(Go)
Mar 16, 2022
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
High
CVE-2022-24730
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Path traversal in ginadmin
High
CVE-2022-30427
was published
for
github.com/gphper/ginadmin
(Go)
May 26, 2022
Arbitrary file read in ginadmin
High
CVE-2022-30428
was published
for
github.com/gphper/ginadmin
(Go)
May 26, 2022
Path Traversal in Git HTTP endpoints in Gogs
High
CVE-2022-1993
was published
for
gogs.io/gogs
(Go)
Jun 8, 2022
Path Traversal in file editor on Windows in Gogs
Critical
CVE-2022-1992
was published
for
gogs.io/gogs
(Go)
Jun 8, 2022
Echo vulnerable to directory traversal
Moderate
CVE-2020-36565
was published
for
github.com/labstack/echo/v4
(Go)
Dec 7, 2022
Alist vulnerable to Path Traversal
Critical
CVE-2022-45969
was published
for
github.com/alist-org/alist/v3
(Go)
Dec 16, 2022
Flux CLI Workload Injection
High
CVE-2022-36035
was published
for
github.com/fluxcd/flux2
(Go)
Sep 1, 2022
Gin-vue-admin subject to Remote Code Execution via file upload vulnerability
Critical
CVE-2022-39345
was published
for
github.com/flipped-aurora/gin-vue-admin/server
(Go)
Oct 25, 2022
Path Traversal in github.com/go-sonic/sonic
Moderate
CVE-2022-46959
was published
for
github.com/go-sonic/sonic
(Go)
Jan 23, 2023
Improper path handling in kustomization files allows path traversal
Critical
CVE-2022-24877
was published
for
github.com/fluxcd/flux2
(Go)
May 4, 2022
Path Traversal in Dutchcoders transfer.sh
Critical
CVE-2021-33497
was published
for
github.com/dutchcoders/transfer.sh
(Go)
Jun 29, 2021
Path traversal in Grafana Cortex
Moderate
CVE-2021-36157
was published
for
github.com/cortexproject/cortex
(Go)
Sep 2, 2021
Path traversal in Grafana Loki
Moderate
CVE-2021-36156
was published
for
github.com/grafana/loki
(Go)
Sep 2, 2021
Path traversal and files overwrite with unsquashfs in singularity
High
CVE-2020-15229
was published
for
github.com/sylabs/singularity
(Go)
May 24, 2021
Improperly Implemented path matching for in-toto-golang
Moderate
CVE-2021-41087
was published
for
github.com/in-toto/in-toto-golang
(Go)
Sep 22, 2021
Casdoor arbitrary file deletion vulnerability via uploadFile function
High
CVE-2022-44942
was published
for
github.com/casdoor/casdoor
(Go)
Dec 7, 2022
pastebinit Path Traversal vulnerability
Moderate
CVE-2018-25059
was published
for
github.com/jessfraz/pastebinit
(Go)
Dec 30, 2022
Arbitrary file write in nats-server
High
CVE-2022-26652
was published
for
github.com/nats-io/nats-server/v2
(Go)
Mar 10, 2022
act vulnerable to arbitrary file upload in artifact server
High
CVE-2023-22726
was published
for
github.com/nektos/act
(Go)
Jan 20, 2023
Path traversal in claircore
High
CVE-2021-3762
was published
for
github.com/quay/claircore
(Go)
Mar 4, 2022
ProTip!
Advisories are also available from the
GraphQL API