Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,150 advisories

Loading
In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is... Moderate Unreviewed
CVE-2025-34173 was published Sep 9, 2025
A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the... Moderate Unreviewed
CVE-2025-11941 was published Oct 19, 2025
A vulnerability was determined in ChurchCRM up to 5.18.0. This issue affects some unknown... Moderate Unreviewed
CVE-2025-11939 was published Oct 19, 2025
In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not... Moderate Unreviewed
CVE-2025-34176 was published Sep 9, 2025
A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this... Moderate Unreviewed
CVE-2025-11914 was published Oct 17, 2025
A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by... Moderate Unreviewed
CVE-2025-11913 was published Oct 17, 2025
Mammoth is vulnerable to Directory Traversal Moderate
CVE-2025-11849 was published for Mammoth (Maven) Oct 17, 2025
Smidge is vulnerable to Path Traversal Moderate
CVE-2025-11842 was published for Smidge (NuGet) Oct 16, 2025
Mautic allows Relative Path Traversal in assets file upload Moderate
CVE-2022-25773 was published for mautic/core (Composer) Feb 26, 2025
patrykgruszka majkelstick
escopecz
Credited to patrykgruszka, majkelstick, and escopecz
PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure Moderate
CVE-2025-61923 was published for prestashop/ps_checkout (Composer) Oct 16, 2025
iNem0o
Credited to iNem0o
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability ... Moderate Unreviewed
CVE-2025-53951 was published Oct 16, 2025
Arbitrary system path lookup in h20 Moderate
CVE-2024-5550 was published for h2o (pip) Jun 6, 2024
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and... Moderate Unreviewed
CVE-2025-37144 was published Oct 14, 2025
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and... Moderate Unreviewed
CVE-2025-37145 was published Oct 14, 2025
Improper Access Control in stitionai/devika Moderate Unreviewed
CVE-2024-5821 was published Jul 3, 2024
gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion... Moderate Unreviewed
CVE-2024-10707 was published Mar 20, 2025
AWS SAM CLI Path Traversal allows file copy to local cache Moderate
CVE-2025-3048 was published for aws-sam-cli (pip) Mar 31, 2025
kevinbackhouse
Credited to kevinbackhouse
AWS SAM CLI Path Traversal allows file copy to build container Moderate
CVE-2025-3047 was published for aws-sam-cli (pip) Mar 31, 2025
kevinbackhouse
Credited to kevinbackhouse
Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4... Moderate Unreviewed
CVE-2025-10986 was published Oct 14, 2025
SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web... Moderate Unreviewed
CVE-2025-42906 was published Oct 14, 2025
A vulnerability was determined in RainyGao DocSys up to 2.02.36. Affected by this vulnerability... Moderate Unreviewed
CVE-2025-11631 was published Oct 12, 2025
A vulnerability was found in RainyGao DocSys up to 2.02.36. Affected is the function... Moderate Unreviewed
CVE-2025-11630 was published Oct 12, 2025
A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element... Moderate Unreviewed
CVE-2025-11607 was published Oct 11, 2025
The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in... Moderate Unreviewed
CVE-2025-9950 was published Oct 11, 2025
Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying... Moderate Unreviewed
CVE-2025-35053 was published Oct 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database