Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,698
Maven
5,000+
npm
4,325
NuGet
761
pip
4,099
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,228 advisories

Loading
Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to... High Unreviewed
CVE-2025-50735 was published Nov 3, 2025
Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the... High Unreviewed
CVE-2025-2817 was published Apr 29, 2025
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball High
CVE-2025-59343 was published for tar-fs (npm) Sep 24, 2025
lukaselmer cai0duque
Credited to lukaselmer and cai0duque
A path handling issue was addressed with improved validation. This issue is fixed in macOS... High Unreviewed
CVE-2025-43196 was published Jul 30, 2025
tar-fs can extract outside the specified dir with a specific tarball High
CVE-2025-48387 was published for tar-fs (npm) Jun 3, 2025
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules),... High Unreviewed
CVE-2023-35852 was published Jun 19, 2023
The Manage Backgrounds functionality within Nagvis versions prior to 2.0.9 is vulnerable to an... High Unreviewed
CVE-2021-33178 was published May 24, 2022
HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file... High Unreviewed
CVE-2025-12055 was published Oct 27, 2025
Insufficient escaping in the report scheduler within Checkmk <2.4.0p13, <2.3.0p38, <2.2.0p46 and... High Unreviewed
CVE-2025-39664 was published Oct 9, 2025
The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all... High Unreviewed
CVE-2025-10897 was published Oct 31, 2025
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to... High Unreviewed
CVE-2025-3356 was published Oct 30, 2025
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to... High Unreviewed
CVE-2025-3355 was published Oct 30, 2025
Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue... High Unreviewed
CVE-2025-41073 was published Oct 23, 2025
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a... High Unreviewed
CVE-2019-18187 was published May 24, 2022
A path traversal security issue exists within FactoryTalk View Machine Edition, allowing... High Unreviewed
CVE-2025-9064 was published Oct 14, 2025
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to... High Unreviewed
CVE-2025-27222 was published Oct 27, 2025
OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint High
CVE-2025-28382 was published for openc3-cosmos-tool-iframe (RubyGems) Jun 13, 2025
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for... High Unreviewed
CVE-2025-10488 was published Oct 25, 2025
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact... High Unreviewed
CVE-2025-54963 was published Oct 23, 2025
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal... High Unreviewed
CVE-2025-34518 was published Oct 16, 2025
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal... High Unreviewed
CVE-2025-34517 was published Oct 16, 2025
actionpack Path Traversal vulnerability High
CVE-2014-0130 was published for actionpack (RubyGems) Oct 24, 2017
Administration Console authentication bypass in openfire xmppserver High
CVE-2023-32315 was published for org.igniterealtime.openfire:xmppserver (Maven) May 23, 2023
akrherz Fishbowler
guusdk Siebene
Credited to akrherz, Fishbowler, guusdk, and Siebene
Grafana path traversal High
CVE-2021-43798 was published for github.com/grafana/grafana (Go) Feb 1, 2024
jordyv
Credited to jordyv
Directory Traversal in Archive_Tar High
CVE-2020-36193 was published for pear/archive_tar (Composer) Apr 22, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database