Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,890
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,217
NuGet
745
pip
3,994
Pub
12
RubyGems
950
Rust
1,038
Swift
45
Unreviewed advisories
All unreviewed
5,000+

240 advisories

Loading
Kirby vulnerable to path traversal in the router for PHP's built-in server Low
CVE-2025-30207 was published for getkirby/cms (Composer) May 13, 2025
Kirby vulnerable to path traversal of collection names during file system lookup Moderate
CVE-2025-31493 was published for getkirby/cms (Composer) May 13, 2025
A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and... Moderate Unreviewed
CVE-2025-22859 was published May 13, 2025
sudo-rs Session File Relative Path Traversal vulnerability Low
CVE-2023-42456 was published for sudo-rs (Rust) Sep 21, 2023
rnijveld
Credited to rnijveld
A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to... Moderate Unreviewed
CVE-2024-20352 was published Apr 3, 2024
A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS... High Unreviewed
CVE-2025-24350 was published Apr 30, 2025
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows... Moderate Unreviewed
CVE-2025-24343 was published Apr 30, 2025
In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite... Moderate Unreviewed
CVE-2025-43016 was published Apr 25, 2025
A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The... High Unreviewed
CVE-2017-13996 was published May 13, 2022
An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on... Critical Unreviewed
CVE-2021-22650 was published Jul 29, 2022
Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows... Critical Unreviewed
CVE-2023-0339 was published Feb 28, 2023
Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows... Critical Unreviewed
CVE-2023-0511 was published Feb 28, 2023
Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users High
CVE-2025-32017 was published for Umbraco.Cms (NuGet) Apr 9, 2025
ggisz
Credited to ggisz
Remote code execution in mlflow Critical
CVE-2024-0520 was published for mlflow (pip) Jun 6, 2024
Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an... High Unreviewed
CVE-2025-32409 was published Apr 8, 2025
Relative Path Traversal vulnerability in Cristián Lávaque s2Member allows Path Traversal. This... Moderate Unreviewed
CVE-2025-32137 was published Apr 4, 2025
Apache Commons VFS Has Relative Path Traversal Vulnerability High
CVE-2025-27553 was published for org.apache.commons:commons-vfs2 (Maven) Mar 23, 2025
A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0... Critical Unreviewed
CVE-2023-40714 was published Apr 2, 2025
The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary... High Unreviewed
CVE-2025-2007 was published Apr 1, 2025
Solon Vulnerable to Path Traversal Moderate
CVE-2025-2961 was published for org.noear:solon-view (Maven) Mar 31, 2025
Aim Relative Path Traversal vulnerability Moderate
CVE-2024-6483 was published for aim (pip) Mar 20, 2025
AgentScope path traversal vulnerability in save-workflow Critical
CVE-2024-8551 was published for agentscope (pip) Mar 20, 2025
An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform... High Unreviewed
CVE-2024-9363 was published Mar 20, 2025
A path traversal vulnerability exists in the latest version of stangirard/quivr. This... Moderate Unreviewed
CVE-2024-6583 was published Mar 20, 2025
A vulnerability in the sanitize_path function in parisneo/lollms-webui v10 - latest allows an... Moderate Unreviewed
CVE-2024-7058 was published Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database