Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,942
Erlang
39
GitHub Actions
38
Go
2,599
Maven
5,000+
npm
4,249
NuGet
755
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

818 advisories

Loading
A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor... Critical Unreviewed
CVE-2025-53120 was published Aug 26, 2025
A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform... Critical Unreviewed
CVE-2025-9118 was published Aug 25, 2025
The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing... Critical Unreviewed
CVE-2025-8895 was published Aug 21, 2025
A Path Traversal vulnerability in AllSky v2023.05.01_04 allows an unauthenticated attacker to... Critical Unreviewed
CVE-2024-44373 was published Aug 19, 2025
In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to... Critical Unreviewed
CVE-2025-8356 was published Aug 8, 2025
UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability... Critical Unreviewed
CVE-2025-34154 was published Aug 13, 2025
QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to... Critical Unreviewed
CVE-2011-10010 was published Aug 13, 2025
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8... Critical Unreviewed
CVE-2025-52913 was published Aug 8, 2025
ThinkPHP Path Traversal Vulnerability Critical
CVE-2025-50706 was published for topthink/framework (Composer) Aug 5, 2025
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE) Critical
CVE-2025-54802 was published for pyload-ng (pip) Aug 4, 2025
kreeksec giteku
Credited to kreeksec and giteku
Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and... Critical Unreviewed
CVE-2025-8426 was published Jul 31, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2025-54438 was published Jul 23, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2025-54443 was published Jul 23, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2025-54446 was published Jul 23, 2025
The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to... Critical Unreviewed
CVE-2025-7643 was published Jul 18, 2025
The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to... Critical Unreviewed
CVE-2025-7712 was published Jul 17, 2025
Apache Struts file upload logic is flawed Critical
CVE-2024-53677 was published for org.apache.struts:struts2-core (Maven) Dec 11, 2024
chximn-dt
Credited to chximn-dt
A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows,... Critical Unreviewed
CVE-2025-34110 was published Jul 15, 2025
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin... Critical Unreviewed
CVE-2025-7360 was published Jul 15, 2025
qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `... Critical Unreviewed
CVE-2024-2221 was published Apr 10, 2024
The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to... Critical Unreviewed
CVE-2025-4828 was published Jul 9, 2025
Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2025-6794 was published Jul 7, 2025
Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and... Critical Unreviewed
CVE-2025-6793 was published Jul 7, 2025
MICROSENS NMP Web+ could allow an unauthenticated attacker to overwrite files and execute... Critical Unreviewed
CVE-2025-49153 was published Jun 26, 2025
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 -... Critical Unreviewed
CVE-2025-34040 was published Jun 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database