Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,660
Maven
5,000+
npm
4,289
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,212 advisories

Loading
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations High
CVE-2025-62725 was published for github.com/docker/compose/v2 (Go) Oct 27, 2025
masasron
Credited to masasron
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to... High Unreviewed
CVE-2025-27222 was published Oct 27, 2025
HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file... High Unreviewed
CVE-2025-12055 was published Oct 27, 2025
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for... High Unreviewed
CVE-2025-10488 was published Oct 25, 2025
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact... High Unreviewed
CVE-2025-54963 was published Oct 23, 2025
Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue... High Unreviewed
CVE-2025-41073 was published Oct 23, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-60227 was published Oct 22, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-59566 was published Oct 22, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-58959 was published Oct 22, 2025
This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9... High Unreviewed
CVE-2025-22167 was published Oct 22, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-3465 was published Oct 20, 2025
A path traversal vulnerability in all versions of the Qodo Qodo Gen IDE enables a threat actor to... High Unreviewed
CVE-2025-62356 was published Oct 17, 2025
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal... High Unreviewed
CVE-2025-34517 was published Oct 16, 2025
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal... High Unreviewed
CVE-2025-34518 was published Oct 16, 2025
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability ... High Unreviewed
CVE-2025-54658 was published Oct 16, 2025
A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10.... High Unreviewed
CVE-2025-61941 was published Oct 15, 2025
Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an... High Unreviewed
CVE-2024-13991 was published Oct 15, 2025
The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and... High Unreviewed
CVE-2025-11746 was published Oct 15, 2025
Argo Workflow has a Zipslip Vulnerability High
CVE-2025-62156 was published for github.com/argoproj/argo-workflows/v3 (Go) Oct 14, 2025
im-soohyun J1vvoo
Credited to im-soohyun and J1vvoo
A path traversal security issue exists within FactoryTalk View Machine Edition, allowing... High Unreviewed
CVE-2025-9064 was published Oct 14, 2025
Path traversal in Ivanti Endpoint Manager allows a remote unauthenticated attacker to achieve... High Unreviewed
CVE-2025-9713 was published Oct 13, 2025
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime... High Unreviewed
CVE-2025-61884 was published Oct 12, 2025
Flowise is vulnerable to arbitrary file exposure through its ReadFileTool High
GHSA-j44m-5v8f-gc9c was published for flowise (npm) Oct 10, 2025
XlabAITeam
Credited to XlabAITeam
Newforma Info Exchange (NIX) '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated... High Unreviewed
CVE-2025-35055 was published Oct 9, 2025
D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability... High Unreviewed
CVE-2025-34248 was published Oct 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database