GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,651
Maven: 5,000+
npm: 4,279
NuGet: 760
pip: 4,066
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
7,363 advisories

In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Block path...
High | Unreviewed | CVE-2024-47742 was published Oct 21, 2024

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to...
Moderate | Unreviewed | CVE-2021-3426 was published May 24, 2022

Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In...
Critical | Unreviewed | CVE-2023-39332 was published Oct 18, 2023

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote...
Moderate | Unreviewed | CVE-2020-4430 was published May 24, 2022

tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File
High | CVE-2024-12905 was published for tar-fs (npm) Mar 27, 2025

aiohttp is vulnerable to directory traversal
High | CVE-2024-23334 was published for aiohttp (pip) Jan 29, 2024

Path traversal in the OWASP Enterprise Security API
High | CVE-2022-23457 was published for org.owasp.esapi:esapi (Maven) Apr 27, 2022

A path traversal vulnerability in Novakon P series allows to expose the root file system "/" and...
Critical | Unreviewed | CVE-2025-9963 was published Sep 23, 2025

A parsing issue in the handling of directory paths was addressed with improved path validation....
Moderate | Unreviewed | CVE-2025-43190 was published Sep 16, 2025

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to...
High | Unreviewed | CVE-2025-50735 was published Nov 3, 2025

Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the...
High | Unreviewed | CVE-2025-2817 was published Apr 29, 2025

tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
High | CVE-2025-59343 was published for tar-fs (npm) Sep 24, 2025

A parsing issue in the handling of directory paths was addressed with improved path validation....
Moderate | Unreviewed | CVE-2025-43314 was published Sep 16, 2025

internetarchive Vulnerable to Directory Traversal in File.download()
Critical | CVE-2025-58438 was published for internetarchive (pip) Sep 5, 2025

A path handling issue was addressed with improved validation. This issue is fixed in macOS...
Moderate | Unreviewed | CVE-2025-43250 was published Jul 30, 2025

A parsing issue in the handling of directory paths was addressed with improved path validation....
Moderate | Unreviewed | CVE-2025-43206 was published Jul 30, 2025

A path handling issue was addressed with improved validation. This issue is fixed in macOS...
High | Unreviewed | CVE-2025-43196 was published Jul 30, 2025

A path handling issue was addressed with improved validation. This issue is fixed in macOS...
Moderate | Unreviewed | CVE-2025-43191 was published Jul 30, 2025

tar-fs can extract outside the specified dir with a specific tarball
High | CVE-2025-48387 was published for tar-fs (npm) Jun 3, 2025

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the ...
Moderate | Unreviewed | CVE-2025-32103 was published Apr 15, 2025

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Low | Unreviewed | CVE-2024-12425 was published Jan 7, 2025

In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules),...
High | Unreviewed | CVE-2023-35852 was published Jun 19, 2023

Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the...
Moderate | Unreviewed | CVE-2022-46945 was published May 26, 2023

OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative...
Critical | Unreviewed | CVE-2022-2120 was published Jun 25, 2022

OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path...
Critical | Unreviewed | CVE-2022-2119 was published Jun 25, 2022