Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,652
Maven
5,000+
npm
4,279
NuGet
760
pip
4,066
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

7,367 advisories

Loading
A flaw has been found in OpenWGA 7.11.12 Build 737. This affects an unknown function of the file... Moderate Unreviewed
CVE-2025-12250 was published Oct 27, 2025
A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function... Moderate Unreviewed
CVE-2025-12203 was published Oct 27, 2025
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for... High Unreviewed
CVE-2025-10488 was published Oct 25, 2025
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact... High Unreviewed
CVE-2025-54963 was published Oct 23, 2025
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal... High Unreviewed
CVE-2025-34517 was published Oct 16, 2025
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal... High Unreviewed
CVE-2025-34518 was published Oct 16, 2025
Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers... Moderate Unreviewed
CVE-2025-21048 was published Oct 10, 2025
actionpack Path Traversal vulnerability High
CVE-2014-0130 was published for actionpack (RubyGems) Oct 24, 2017
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE Critical
CVE-2024-23897 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 24, 2024
sunSUNQ
Credited to sunSUNQ
Administration Console authentication bypass in openfire xmppserver High
CVE-2023-32315 was published for org.igniterealtime.openfire:xmppserver (Maven) May 23, 2023
akrherz Fishbowler
guusdk Siebene
Credited to akrherz, Fishbowler, guusdk, and Siebene
Grafana path traversal High
CVE-2021-43798 was published for github.com/grafana/grafana (Go) Feb 1, 2024
jordyv
Credited to jordyv
Directory Traversal in Archive_Tar High
CVE-2020-36193 was published for pear/archive_tar (Composer) Apr 22, 2021
Path Traversal in Apache Flink High
CVE-2020-17519 was published for org.apache.flink:flink-runtime_2.11 (Maven) Jan 6, 2021
stephanmiehe
Credited to stephanmiehe
Directory traversal attack in Spring Cloud Config High
CVE-2020-5410 was published for org.springframework.cloud:spring-cloud-config-server (Maven) Jun 5, 2020
SaltStack Salt is vulnerable Arbitrary Directory Access High
CVE-2020-11652 was published for salt (pip) May 24, 2022
Path Traversal in Action View High
CVE-2019-5418 was published for actionview (RubyGems) Mar 13, 2019
Directory traversal vulnerability in Action View in Ruby on Rails High
CVE-2016-0752 was published for actionpack (RubyGems) Oct 24, 2017
This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9... High Unreviewed
CVE-2025-22167 was published Oct 22, 2025
IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended... Low Unreviewed
CVE-2013-3993 was published May 17, 2022
Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network... High Unreviewed
CVE-2015-0666 was published May 17, 2022
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft... High Unreviewed
CVE-2015-0016 was published May 14, 2022
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0... High Unreviewed
CVE-2010-2861 was published May 17, 2022
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4... High Unreviewed
CVE-2014-0780 was published May 17, 2022
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component:... Critical Unreviewed
CVE-2025-61882 was published Oct 5, 2025
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime... High Unreviewed
CVE-2025-61884 was published Oct 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database