Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,884
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,205
NuGet
743
pip
3,978
Pub
12
RubyGems
947
Rust
1,034
Swift
39
Unreviewed advisories
All unreviewed
5,000+

7,229 advisories

Loading
A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper... Moderate Unreviewed
CVE-2025-8917 was published Oct 5, 2025
ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer`... Moderate Unreviewed
CVE-2025-8406 was published Oct 5, 2025
A path traversal vulnerability has been reported to affect several QNAP operating system versions... Moderate Unreviewed
CVE-2025-47211 was published Oct 3, 2025
Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read... Moderate Unreviewed
CVE-2014-2352 was published May 17, 2022
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker... Moderate Unreviewed
CVE-2025-33034 was published Oct 3, 2025
A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this... Moderate Unreviewed
CVE-2025-11079 was published Sep 27, 2025
NLnet Labs’ Routinator vulnerable to path traversal Critical
CVE-2023-39916 was published for routinator (Rust) Sep 13, 2023
Path traversal vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to... High Unreviewed
CVE-2025-59744 was published Oct 2, 2025
Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function High
CVE-2025-54293 was published for github.com/canonical/lxd (Go) Oct 2, 2025
An attacker can obtain server information using Path Traversal vulnerability to conduct SQL... High Unreviewed
CVE-2025-11020 was published Oct 2, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Unrestricted... Critical Unreviewed
CVE-2025-11221 was published Oct 2, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Download of Code... High Unreviewed
CVE-2025-11182 was published Oct 2, 2025
auth0-PHP SDK Does Not Properly Handle File Types in Bulk User Import Low
CVE-2025-58769 was published for auth0/auth0-php (Composer) Oct 1, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2024-11833 was published Dec 13, 2024
Path traversal in Hadoop Critical
CVE-2022-26612 was published for org.apache.hadoop:hadoop-common (Maven) Apr 8, 2022
szymon-miezal
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on... Moderate Unreviewed
CVE-2024-41887 was published Dec 24, 2024
Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet Moderate
CVE-2025-43813 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Sep 30, 2025
The All in One Music Player plugin for WordPress is vulnerable to Path Traversal in all versions... Moderate Unreviewed
CVE-2025-8559 was published Sep 30, 2025
The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to,... Moderate Unreviewed
CVE-2024-2654 was published Apr 9, 2024
Path traversal in atlasboard High
CVE-2021-39109 was published for atlasboard (npm) Sep 2, 2021
AryazE
tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File High
CVE-2024-12905 was published for tar-fs (npm) Mar 27, 2025
pcreager23 AryazE
xml2rfc is vulnerable to arbitrary file reads through prepped files High
CVE-2025-11059 was published for xml2rfc (pip) Sep 10, 2025
xml2rfc has an arbitrary file read vulnerability High
CVE-2025-11058 was published for xml2rfc (pip) Aug 26, 2025
A vulnerability was determined in Bjskzy Zhiyou ERP up to 11.0. Affected is the function... Moderate Unreviewed
CVE-2025-11139 was published Sep 29, 2025
node-static and @nubosoftware/node-static vulnerable to Directory Traversal High
CVE-2023-26111 was published for @nubosoftware/node-static (npm) Mar 6, 2023
lirantal
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database