Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,889
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,215
NuGet
744
pip
3,991
Pub
12
RubyGems
950
Rust
1,038
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

183 advisories

Loading
The Slider Revolution plugin for WordPress is vulnerable to unauthorized access and modification... Moderate Unreviewed
CVE-2025-10249 was published Oct 9, 2025
In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written... Low Unreviewed
CVE-2025-62187 was published Oct 7, 2025
nncp before 8.12.0 allows path traversal (for reading or writing) during freqing and file saving... Moderate Unreviewed
CVE-2025-60020 was published Sep 24, 2025
The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote... Moderate Unreviewed
CVE-2025-9570 was published Sep 23, 2025
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload Moderate Unreviewed
CVE-2025-59456 was published Sep 17, 2025
A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker... Critical Unreviewed
CVE-2025-55115 was published Sep 16, 2025
Relative path traversal vulnerability due to improper input validation in Digilent WaveForms that... High Unreviewed
CVE-2025-10203 was published Sep 15, 2025
A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7... Moderate Unreviewed
CVE-2025-53609 was published Sep 9, 2025
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7... Moderate Unreviewed
CVE-2025-25048 was published Sep 4, 2025
The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing... High Unreviewed
CVE-2025-9639 was published Aug 29, 2025
An authorized remote attacker can access files and directories outside the intended web root,... Moderate Unreviewed
CVE-2021-4459 was published Aug 27, 2025
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-8464 was published Aug 16, 2025
A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all... Moderate Unreviewed
CVE-2024-48892 was published Aug 12, 2025
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0... Moderate Unreviewed
CVE-2024-40588 was published Aug 12, 2025
Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges... High Unreviewed
CVE-2025-53779 was published Aug 12, 2025
A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to... Moderate Unreviewed
CVE-2025-51052 was published Aug 6, 2025
An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete... Moderate Unreviewed
CVE-2025-53082 was published Jul 29, 2025
In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows High Unreviewed
CVE-2025-54531 was published Jul 28, 2025
An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can... High Unreviewed
CVE-2025-54317 was published Jul 20, 2025
BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File... High Unreviewed
CVE-2025-7619 was published Jul 14, 2025
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code... High Unreviewed
CVE-2025-48817 was published Jul 8, 2025
The iPublish System developed by Jhenggao has an Arbitrary File Reading vulnerability, allowing... High Unreviewed
CVE-2025-7146 was published Jul 8, 2025
PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a... Critical Unreviewed
CVE-2025-52207 was published Jun 27, 2025
Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated... High Unreviewed
CVE-2025-52922 was published Jun 23, 2025
Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions... High Unreviewed
CVE-2025-34510 was published Jun 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database