Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,655
Maven
5,000+
npm
4,284
NuGet
760
pip
4,067
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

622 advisories

Loading
Malicious URL drafting attack against iodines static file server may allow path traversal High
CVE-2024-22050 was published for iodine (RubyGems) Oct 7, 2019
podman kube play symlink traversal vulnerability High
CVE-2025-9566 was published for github.com/containers/podman/v4 (Go) Sep 4, 2025
Luap99
Credited to Luap99
AstrBot contains a directory traversal vulnerability High
CVE-2025-57698 was published for AstrBot (pip) Nov 7, 2025
Flowise is vulnerable to arbitrary file exposure through its ReadFileTool High
GHSA-j44m-5v8f-gc9c was published for flowise (npm) Oct 10, 2025
XlabAITeam
Credited to XlabAITeam
Dosage vulnerable to a Directory Traversal through crafted HTTP responses High
CVE-2025-64184 was published for dosage (pip) Nov 4, 2025
TobiX
Credited to TobiX
Magento Path Traversal vulnerability via the `theme[preview_image]` parameter High
CVE-2021-36031 was published for magento/community-edition (Composer) May 24, 2022
Magento Path Traversal vulnerability High
CVE-2024-39399 was published for magento/community-edition (Composer) Aug 14, 2024
Argo Workflow has a Zipslip Vulnerability High
CVE-2025-62156 was published for github.com/argoproj/argo-workflows/v3 (Go) Oct 14, 2025
im-soohyun J1vvoo
Credited to im-soohyun and J1vvoo
Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function High
CVE-2025-54293 was published for github.com/canonical/lxd (Go) Oct 2, 2025
MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability High
CVE-2025-11201 was published for mlflow (pip) Oct 29, 2025
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat High
CVE-2024-24749 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
Kai5174 sikeoka
jodygarnett
Credited to Kai5174, sikeoka, and jodygarnett
Django Path Traversal vulnerability High
CVE-2024-39330 was published for Django (pip) Jul 10, 2024
sinatra does not validate expanded path matches High
CVE-2022-29970 was published for sinatra (RubyGems) May 3, 2022
Apache Tiles: Unvalidated input may lead to path traversal and XXE High
CVE-2023-49735 was published for org.apache.struts:struts-tiles (Maven) Dec 1, 2023
ryanmurf
Credited to ryanmurf
Path Traversal: 'dir/../../filename' in moment.locale High
CVE-2022-24785 was published for Moment.js (npm) Apr 4, 2022
tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File High
CVE-2024-12905 was published for tar-fs (npm) Mar 27, 2025
pcreager23 AryazE
Credited to pcreager23 and AryazE
aiohttp is vulnerable to directory traversal High
CVE-2024-23334 was published for aiohttp (pip) Jan 29, 2024
lcttty solarpeng502
Credited to lcttty and solarpeng502
Path traversal in the OWASP Enterprise Security API High
CVE-2022-23457 was published for org.owasp.esapi:esapi (Maven) Apr 27, 2022
JarLob
Credited to JarLob
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball High
CVE-2025-59343 was published for tar-fs (npm) Sep 24, 2025
lukaselmer cai0duque
Credited to lukaselmer and cai0duque
tar-fs can extract outside the specified dir with a specific tarball High
CVE-2025-48387 was published for tar-fs (npm) Jun 3, 2025
Keras keras.utils.get_file API is vulnerable to a path traversal attack High
CVE-2025-12060 was published for keras (pip) Oct 30, 2025
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations High
CVE-2025-62725 was published for github.com/docker/compose/v2 (Go) Oct 27, 2025
masasron
Credited to masasron
OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint High
CVE-2025-28382 was published for openc3-cosmos-tool-iframe (RubyGems) Jun 13, 2025
actionpack Path Traversal vulnerability High
CVE-2014-0130 was published for actionpack (RubyGems) Oct 24, 2017
Administration Console authentication bypass in openfire xmppserver High
CVE-2023-32315 was published for org.igniterealtime.openfire:xmppserver (Maven) May 23, 2023
akrherz Fishbowler
guusdk Siebene
Credited to akrherz, Fishbowler, guusdk, and Siebene
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database