Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,885
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,212
NuGet
744
pip
3,988
Pub
12
RubyGems
950
Rust
1,038
Swift
45
Unreviewed advisories
All unreviewed
5,000+

240 advisories

Loading
The Slider Revolution plugin for WordPress is vulnerable to unauthorized access and modification... Moderate Unreviewed
CVE-2025-10249 was published Oct 9, 2025
In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written... Low Unreviewed
CVE-2025-62187 was published Oct 7, 2025
Django vulnerable to partial directory traversal via archives Low
CVE-2025-59682 was published for django (pip) Oct 1, 2025
Directory Traversal in Next.js Moderate
CVE-2020-5284 was published for next (npm) Mar 30, 2020
esm.sh has File Inclusion issue High
CVE-2025-59341 was published for github.com/esm-dev/esm.sh (Go) Sep 17, 2025
j3ssie
Credited to j3ssie
nncp before 8.12.0 allows path traversal (for reading or writing) during freqing and file saving... Moderate Unreviewed
CVE-2025-60020 was published Sep 24, 2025
The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote... Moderate Unreviewed
CVE-2025-9570 was published Sep 23, 2025
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload Moderate Unreviewed
CVE-2025-59456 was published Sep 17, 2025
A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker... Critical Unreviewed
CVE-2025-55115 was published Sep 16, 2025
Relative path traversal vulnerability due to improper input validation in Digilent WaveForms that... High Unreviewed
CVE-2025-10203 was published Sep 15, 2025
XWiki configuration files can be accessed through jsx and sx endpoints Critical
CVE-2025-55748 was published for org.xwiki.platform:xwiki-platform-skin-skinx (Maven) Sep 3, 2025
XWiki configuration files can be accessed through the webjars API Critical
CVE-2025-55747 was published for org.xwiki.platform:xwiki-platform-webjars-api (Maven) Sep 3, 2025
Vite's `server.fs` settings were not applied to HTML files Low
CVE-2025-58752 was published for vite (npm) Sep 9, 2025
orihjfrog dominikg
Credited to orihjfrog and dominikg
A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7... Moderate Unreviewed
CVE-2025-53609 was published Sep 9, 2025
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7... Moderate Unreviewed
CVE-2025-25048 was published Sep 4, 2025
Opencast has a partial path traversal vulnerability in UI config Low
CVE-2025-55202 was published for org.opencastproject:opencast-user-interface-configuration (Maven) Aug 29, 2025
odaysec lkiesow
Credited to odaysec and lkiesow
The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing... High Unreviewed
CVE-2025-9639 was published Aug 29, 2025
An authorized remote attacker can access files and directories outside the intended web root,... Moderate Unreviewed
CVE-2021-4459 was published Aug 27, 2025
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-8464 was published Aug 16, 2025
A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all... Moderate Unreviewed
CVE-2024-48892 was published Aug 12, 2025
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0... Moderate Unreviewed
CVE-2024-40588 was published Aug 12, 2025
Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges... High Unreviewed
CVE-2025-53779 was published Aug 12, 2025
Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code Moderate
CVE-2025-55013 was published for assemblyline-service-client (pip) Jul 25, 2025
serexp
Credited to serexp
A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to... Moderate Unreviewed
CVE-2025-51052 was published Aug 6, 2025
An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can... High Unreviewed
CVE-2025-54317 was published Jul 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database