GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
7,367 advisories
The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in...
    Moderate • Unreviewed • CVE-2025-9950 was published Oct 11, 2025
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design...
    Critical • Unreviewed • CVE-2025-6439 was published Oct 11, 2025
Flowise is vulnerable to arbitrary file exposure through its ReadFileTool
    High • GHSA-j44m-5v8f-gc9c was published for flowise (npm) Oct 10, 2025
Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers...
    Moderate • Unreviewed • CVE-2025-21048 was published Oct 10, 2025
Withdrawn Advisory: cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations
    Low • CVE-2025-11569 was published for cross-zip (npm) Oct 10, 2025 • withdrawn
BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE
    Critical • CVE-2025-10283 was published for bbot (pip) Oct 9, 2025
BBOT's various issues in unarchive.py can cause arbitrary file write and RCE
    Critical • CVE-2025-10284 was published for bbot (pip) Oct 9, 2025
Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an...
    Moderate • Unreviewed • CVE-2025-35056 was published Oct 9, 2025
Newforma Info Exchange (NIX) '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated...
    High • Unreviewed • CVE-2025-35055 was published Oct 9, 2025
D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability...
    High • Unreviewed • CVE-2025-34248 was published Oct 9, 2025
Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying...
    Moderate • Unreviewed • CVE-2025-35053 was published Oct 9, 2025
Insufficient escaping in the report scheduler within Checkmk <2.4.0p13, <2.3.0p38, <2.2.0p46 and...
    High • Unreviewed • CVE-2025-39664 was published Oct 9, 2025
Flowise is vulnerable to arbitrary file write through its WriteFileTool
    Critical • CVE-2025-61913 was published for Flowise (npm) Oct 9, 2025
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is...
    Critical • Unreviewed • CVE-2025-7526 was published Oct 9, 2025
LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities
    High • CVE-2025-61784 was published for llamafactory (pip) Oct 7, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release...
    Moderate • Unreviewed • CVE-2025-43934 was published Oct 7, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release...
    Moderate • Unreviewed • CVE-2025-43889 was published Oct 7, 2025
A path traversal vulnerability was discovered in the Time Machine functionality due to missing...
    High • Unreviewed • CVE-2025-40889 was published Oct 7, 2025
A client-side path traversal vulnerability was discovered in the web management interface front...
    Moderate • Unreviewed • CVE-2025-3718 was published Oct 7, 2025
Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W...
    Moderate • Unreviewed • CVE-2025-60969 was published Oct 6, 2025
A vulnerability was detected in Four-Faith Water Conservancy Informatization Platform up to 2.2....
    Moderate • Unreviewed • CVE-2025-11337 was published Oct 6, 2025
A security vulnerability has been detected in Four-Faith Water Conservancy Informatization...
    Moderate • Unreviewed • CVE-2025-11336 was published Oct 6, 2025
A remote, unauthorized attacker can brute force folders and files and read them like private keys...
    Moderate • Unreviewed • CVE-2025-58591 was published Oct 6, 2025
It's possible to brute force folders and files, which can be used by an attacker to steal sensitive...
    Moderate • Unreviewed • CVE-2025-58590 was published Oct 6, 2025
clearml is vulnerable to Path Traversal through its `safe_extract` function
    Moderate • CVE-2025-8917 was published for clearml (pip) Oct 5, 2025