GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
151 advisories
Fix for arbitrary file deletion in customer media allows for remote code execution
High | CVE-2021-41143 was published for openmage/magento-lts (Composer) | Jan 27, 2023

SUKOHI Surpass Path Traversal vulnerability
Moderate | CVE-2015-10030 was published for sukohi/surpass (Composer) | Jan 8, 2023

ThinkPHP Framework vulnerable to remote code execution
Critical | CVE-2022-47945 was published for topthink/framework (Composer) | Dec 23, 2022

Lavalite vulnerable to Arbitrary File Read via Directory Traversal
High | CVE-2022-42188 was published for lavalite/cms (Composer) | Oct 19, 2022

melisplatform/melis-asset-manager vulnerable to Path Traversal
High | CVE-2022-39296 was published for melisplatform/melis-asset-manager (Composer) | Oct 11, 2022

Twig may load a template outside a configured directory when using the filesystem loader
High | CVE-2022-39261 was published for twig/twig (Composer) | Sep 30, 2022

EC-CUBE Directory traversal vulnerability
Low | CVE-2022-40199 was published for ec-cube/ec-cube (Composer) | Sep 28, 2022

ICEcoder vulnerable to Path Traversal
High | CVE-2022-34026 was published for icecoder/icecoder (Composer) | Sep 23, 2022

UniSharp Laravel Filemanager directory traversal vulnerability
Moderate | CVE-2022-40734 was published for unisharp/laravel-filemanager (Composer) | Sep 15, 2022

Magento Path Traversal vulnerability
High | CVE-2022-34254 was published for magento/community-edition (Composer) | Aug 17, 2022

Path traversal in Concrete CMS
Critical | CVE-2022-30117 was published for concrete5/core (Composer) | Jun 25, 2022

Path Traversal in FileGator
Moderate | CVE-2022-1850 was published for filegator/filegator (Composer) | May 25, 2022

Magento Path Traversal vulnerability via the `theme[preview_image]` parameter
High | CVE-2021-36031 was published for magento/community-edition (Composer) | May 24, 2022

Magento Path Traversal vulnerability
Moderate | CVE-2021-28584 was published for magento/community-edition (Composer) | May 24, 2022

Grav CMS Local File Injection
Moderate | CVE-2020-29556 was published for getgrav/grav (Composer) | May 24, 2022

Grav CMS Arbitrary File Deletion
High | CVE-2020-29555 was published for getgrav/grav (Composer) | May 24, 2022

browsershot local file inclusion vulnerability
Moderate | CVE-2020-7790 was published for spatie/browsershot (Composer) | May 24, 2022

ThinkAdmin directory traversal vulnerability
High | CVE-2020-25540 was published for zoujingli/thinkadmin (Composer) | May 24, 2022

Magento path traversal vulnerability
Moderate | CVE-2020-9689 was published for magento/community-edition (Composer) | May 24, 2022

EC-CUBE Directory traversal vulnerability
High | CVE-2020-5590 was published for ec-cube/ec-cube (Composer) | May 24, 2022

TeamPass PHP arbitrary file include vulnerability
High | CVE-2020-12479 was published for nilsteampassnet/teampass (Composer) | May 24, 2022

Magento Path Traversal
Moderate | CVE-2020-3717 was published for magento/community-edition (Composer) | May 24, 2022

TYPO3 Directory Traversal on ZIP extraction
Moderate | CVE-2019-19848 was published for typo3/cms (Composer) | May 24, 2022

Magento Insecure Direct Object Reference (IDOR) vulnerability
Moderate | CVE-2019-7925 was published for magento/community-edition (Composer) | May 24, 2022

Magento 2 Community Edition Path Traversal Vulnerability
High | CVE-2019-7859 was published for magento/community-edition (Composer) | May 24, 2022