Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,652
Maven
5,000+
npm
4,279
NuGet
760
pip
4,066
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

160 advisories

Loading
An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1... Low Unreviewed
CVE-2025-54559 was published Nov 14, 2025
Kgateway transformation policy template can emit files from the container Low
GHSA-5pmx-7r6r-wfqq was published for github.com/kgateway-dev/kgateway/v2 (Go) Nov 4, 2025
In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An... Low Unreviewed
CVE-2022-37703 was published Sep 14, 2022
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Low Unreviewed
CVE-2024-12425 was published Jan 7, 2025
Langchain-Chatchat vulnerable to path traversal Low
CVE-2025-6854 was published for langchain-chatchat (pip) Jun 29, 2025
Langchain-Chatchat vulnerable to path traversal Low
CVE-2025-6855 was published for langchain-chatchat (pip) Jun 29, 2025
IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended... Low Unreviewed
CVE-2013-3993 was published May 17, 2022
Shopware vulnerable to path traversal via Plugin upload Low
GHSA-6wh5-mw9h-5c3w was published for shopware/core (Composer) Oct 21, 2025
Withdrawn Advisory: cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations Low
CVE-2025-11569 was published for cross-zip (npm) Oct 10, 2025 withdrawn
MarshallOfSound
Credited to MarshallOfSound
auth0-PHP SDK Does Not Properly Handle File Types in Bulk User Import Low
CVE-2025-58769 was published for auth0/auth0-php (Composer) Oct 1, 2025
A path traversal vulnerability has been reported to affect several QNAP operating system versions... Low Unreviewed
CVE-2024-37046 was published Nov 22, 2024
Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival Low
CVE-2025-59414 was published for nuxt (npm) Sep 17, 2025
apyatko
Credited to apyatko
Langchain-Chatchat has a Path Traversal vulnerability Low
CVE-2025-6853 was published for langchain-chatchat (pip) Jun 29, 2025
Vite middleware may serve files starting with the same name with the public directory Low
CVE-2025-58751 was published for vite (npm) Sep 9, 2025
orihjfrog lukeed
Credited to orihjfrog and lukeed
MobSF Path Traversal in GET /download/<filename> using absolute filenames Low
CVE-2025-58161 was published for mobsf (pip) Sep 2, 2025
noname1337h1
Credited to noname1337h1
An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to... Low Unreviewed
CVE-2025-55523 was published Aug 21, 2025
A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4.... Low Unreviewed
CVE-2025-8522 was published Aug 4, 2025
Upsonic is vulnerable to Path Traversal attack through its os.path.join function Low
CVE-2025-6278 was published for upsonic (pip) Jun 19, 2025
A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an... Low Unreviewed
CVE-2025-3722 was published Jun 26, 2025
A path handling issue was addressed with improved validation. This issue is fixed in macOS... Low Unreviewed
CVE-2023-40383 was published Jan 11, 2024
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an... Low Unreviewed
CVE-2025-20277 was published Jun 4, 2025
The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does... Low Unreviewed
CVE-2023-2252 was published Jan 16, 2024
Traefik allows path traversal using url encoding Low
CVE-2025-47952 was published for github.com/traefik/traefik (Go) May 28, 2025
antonjanrutten
Credited to antonjanrutten
auth-js Vulnerable to Insecure Path Routing from Malformed User Input Low
CVE-2025-48370 was published for @supabase/auth-js (npm) May 27, 2025
kos0ng
Credited to kos0ng
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives Low Unreviewed
CVE-2024-24940 was published Feb 6, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database