Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,651
Maven
5,000+
npm
4,279
NuGet
760
pip
4,066
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

7,362 advisories

Loading
A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation... High Unreviewed
CVE-2025-11696 was published Nov 11, 2025
Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an... Moderate Unreviewed
CVE-2025-42894 was published Nov 11, 2025
Due to an Information Disclosure vulnerability in SAP NetWeaver Application Server Java, internal... Moderate Unreviewed
CVE-2025-42919 was published Nov 11, 2025
PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal... High Unreviewed
CVE-2018-25124 was published Nov 11, 2025
supOS 5.0 allows api/image/download?fileName=../ directory traversal for reading files. High Unreviewed
CVE-2024-39937 was published Jul 5, 2024
A Local File Inclusion (LFI) vulnerability has been identified in tQuadra CMS 4.2.1117. The issue... High Unreviewed
CVE-2025-60574 was published Nov 8, 2025
A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the... Moderate Unreviewed
CVE-2025-12923 was published Nov 10, 2025
A vulnerability was found in OpenClinica Community Edition up to 3.12.2/3.13. This affects an... Moderate Unreviewed
CVE-2025-12922 was published Nov 10, 2025
The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient... Moderate Unreviewed
CVE-2025-12092 was published Nov 8, 2025
The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient... Moderate Unreviewed
CVE-2025-12000 was published Nov 8, 2025
KubeVirt Arbitrary Container File Read Moderate
CVE-2025-64433 was published for github.com/kubevirt/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
Credited to mihailkirov and Faeris95
AstrBot contains a directory traversal vulnerability High
CVE-2025-57698 was published for AstrBot (pip) Nov 7, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2025-7719 was published Nov 7, 2025
Flowise is vulnerable to arbitrary file exposure through its ReadFileTool High
GHSA-j44m-5v8f-gc9c was published for flowise (npm) Oct 10, 2025
XlabAITeam
Credited to XlabAITeam
github.com/jaredallard/archives Has Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Moderate
CVE-2025-64346 was published for github.com/jaredallard/archives (Go) Mar 28, 2025
ccojocar
Credited to ccojocar
Dosage vulnerable to a Directory Traversal through crafted HTTP responses High
CVE-2025-64184 was published for dosage (pip) Nov 4, 2025
TobiX
Credited to TobiX
Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on... Critical Unreviewed
CVE-2025-12422 was published Oct 28, 2025
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file... High Unreviewed
CVE-2025-62630 was published Nov 7, 2025
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file... High Unreviewed
CVE-2025-58423 was published Nov 7, 2025
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file... High Unreviewed
CVE-2025-59171 was published Nov 7, 2025
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled... High Unreviewed
CVE-2025-8941 was published Aug 13, 2025
Magento Path Traversal vulnerability via the `theme[preview_image]` parameter High
CVE-2021-36031 was published for magento/community-edition (Composer) May 24, 2022
Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via... Moderate Unreviewed
CVE-2025-34238 was published Nov 6, 2025
Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2025-12490 was published Nov 6, 2025
Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G... Moderate Unreviewed
CVE-2025-22397 was published Nov 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database