Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,651
Maven
5,000+
npm
4,279
NuGet
760
pip
4,066
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,169 advisories

Loading
A vulnerability was identified in shsuishang ShopSuite ModulithShop up to... Moderate Unreviewed
CVE-2025-13246 was published Nov 16, 2025
AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64 Moderate
CVE-2025-57697 was published for AstrBot (pip) Nov 7, 2025
Liferay Portal ComboServlet denial of service via large file combination Moderate
CVE-2025-62254 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 24, 2025
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker... Moderate Unreviewed
CVE-2025-57712 was published Nov 7, 2025
A security vulnerability has been detected in SimStudioAI sim up to... Moderate Unreviewed
CVE-2025-9801 was published Nov 14, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2025-60217 was published Oct 22, 2025
The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to arbitrary file... Moderate Unreviewed
CVE-2025-12089 was published Nov 13, 2025
Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio... Moderate Unreviewed
CVE-2025-62449 was published Nov 11, 2025
Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for... Moderate Unreviewed
CVE-2025-60722 was published Nov 11, 2025
Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an... Moderate Unreviewed
CVE-2025-42894 was published Nov 11, 2025
Due to an Information Disclosure vulnerability in SAP NetWeaver Application Server Java, internal... Moderate Unreviewed
CVE-2025-42919 was published Nov 11, 2025
A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the... Moderate Unreviewed
CVE-2025-12923 was published Nov 10, 2025
A vulnerability was found in OpenClinica Community Edition up to 3.12.2/3.13. This affects an... Moderate Unreviewed
CVE-2025-12922 was published Nov 10, 2025
The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient... Moderate Unreviewed
CVE-2025-12092 was published Nov 8, 2025
The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient... Moderate Unreviewed
CVE-2025-12000 was published Nov 8, 2025
KubeVirt Arbitrary Container File Read Moderate
CVE-2025-64433 was published for github.com/kubevirt/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
Credited to mihailkirov and Faeris95
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2025-7719 was published Nov 7, 2025
github.com/jaredallard/archives Has Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Moderate
CVE-2025-64346 was published for github.com/jaredallard/archives (Go) Mar 28, 2025
ccojocar
Credited to ccojocar
Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via... Moderate Unreviewed
CVE-2025-34238 was published Nov 6, 2025
Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G... Moderate Unreviewed
CVE-2025-22397 was published Nov 6, 2025
Apache Jena allows users with administrator access to create databases files outside the files area of the Fuseki server Moderate
CVE-2025-49656 was published for org.apache.jena:jena-fuseki (Maven) Jul 21, 2025
A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker... Moderate Unreviewed
CVE-2025-20374 was published Nov 5, 2025
Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots (MiR) Software Versions... Moderate Unreviewed
CVE-2025-8749 was published Aug 8, 2025
A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15... Moderate Unreviewed
CVE-2025-34508 was published Jun 17, 2025
A vulnerability has been identified in Node.js, specifically affecting the handling of drive... Moderate Unreviewed
CVE-2025-23084 was published Jan 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database