Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

829 advisories

Loading
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9... Critical Unreviewed
CVE-2025-4632 was published May 13, 2025
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component:... Critical Unreviewed
CVE-2025-61882 was published Oct 5, 2025
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE Critical
CVE-2024-23897 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 24, 2024
sunSUNQ
Credited to sunSUNQ
OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint Critical
CVE-2025-28384 was published for openc3-cosmos-tool-iframe (RubyGems) Jun 13, 2025
OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative... Critical Unreviewed
CVE-2022-2120 was published Jun 25, 2022
OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path... Critical Unreviewed
CVE-2022-2119 was published Jun 25, 2022
internetarchive Vulnerable to Directory Traversal in File.download() Critical
CVE-2025-58438 was published for internetarchive (pip) Sep 5, 2025
pengowray
Credited to pengowray
A path traversal vulnerability in Novakon P series allows to expose the root file system "/" and... Critical Unreviewed
CVE-2025-9963 was published Sep 23, 2025
Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In... Critical Unreviewed
CVE-2023-39332 was published Oct 18, 2023
Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed
CVE-2024-39787 was published Jan 14, 2025
Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed
CVE-2024-39786 was published Jan 14, 2025
A path handling issue was addressed with improved validation. This issue is fixed in visionOS 2.4... Critical Unreviewed
CVE-2025-30429 was published Apr 1, 2025
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution ... Critical Unreviewed
CVE-2025-12493 was published Nov 4, 2025
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine... Critical Unreviewed
CVE-2023-47211 was published Jan 8, 2024
A path traversal vulnerability in Commvault Command Center Innovation Release allows an... Critical Unreviewed
CVE-2025-34028 was published Apr 22, 2025
UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability... Critical Unreviewed
CVE-2025-34154 was published Aug 13, 2025
Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on... Critical Unreviewed
CVE-2025-12422 was published Oct 28, 2025
N-central < 2025.4 is vulnerable to authentication bypass via path traversal Critical Unreviewed
CVE-2025-11366 was published Nov 12, 2025
Flowise is vulnerable to arbitrary file write through its WriteFileTool Critical
CVE-2025-61913 was published for Flowise (npm) Oct 9, 2025
XlabAITeam
Credited to XlabAITeam
A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious... Critical Unreviewed
CVE-2025-40549 was published Nov 18, 2025
BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly... Critical Unreviewed
CVE-2025-34320 was published Nov 20, 2025
A Directory Traversal vulnerability was found in the Application Server of Desktop Alert... Critical Unreviewed
CVE-2025-54347 was published Nov 25, 2025
An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by... Critical Unreviewed
CVE-2025-59366 was published Nov 25, 2025
LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction Critical
GHSA-rj4j-2jph-gg43 was published for github.com/lf-edge/ekuiper/v2 (Go) Nov 24, 2025
odaysec ptrgits
Credited to odaysec and ptrgits
A Path Traversal vulnerability in AllSky v2023.05.01_04 allows an unauthenticated attacker to... Critical Unreviewed
CVE-2024-44373 was published Aug 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database