Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

829 advisories

Loading
Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0... Critical Unreviewed
CVE-2025-46783 was published Jun 13, 2025
The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers... Critical Unreviewed
CVE-2023-6623 was published Jan 15, 2024
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter... Critical Unreviewed
CVE-2025-4517 was published Jun 3, 2025
Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions ... Critical Unreviewed
CVE-2024-12718 was published Jun 3, 2025
A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files... Critical Unreviewed
CVE-2023-38951 was published Aug 4, 2023
The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is... Critical Unreviewed
CVE-2025-4524 was published May 21, 2025
Improper limitation of pathname in Circuit Provisioning and File Import applications allows... Critical Unreviewed
CVE-2025-48017 was published May 20, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2025-32926 was published May 19, 2025
The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2025-4564 was published May 15, 2025
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an... Critical Unreviewed
CVE-2025-30387 was published May 13, 2025
foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the... Critical Unreviewed
CVE-2025-45238 was published May 5, 2025
Apache Ivy does not verify target path when extracting the archive Critical
CVE-2022-37865 was published for org.apache.ivy:ivy (Maven) Nov 7, 2022
WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 4 of 5). Critical Unreviewed
CVE-2022-38165 was published Nov 18, 2022
Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW)... Critical Unreviewed
CVE-2025-0632 was published Apr 21, 2025
Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a... Critical Unreviewed
CVE-2025-26692 was published Apr 28, 2025
The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file... Critical Unreviewed
CVE-2025-3065 was published Apr 24, 2025
Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated... Critical Unreviewed
CVE-2021-36471 was published Feb 8, 2023
Alist vulnerable to Path Traversal Critical
CVE-2022-45969 was published for github.com/alist-org/alist/v3 (Go) Dec 16, 2022
An improper limitation of a pathname to a restricted directory vulnerability was identified in... Critical Unreviewed
CVE-2022-46255 was published Dec 14, 2022
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by... Critical Unreviewed
CVE-2025-22927 was published Apr 3, 2025
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a... Critical Unreviewed
CVE-2025-29660 was published Apr 21, 2025
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal... Critical Unreviewed
CVE-2017-17739 was published May 14, 2022
A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion... Critical Unreviewed
CVE-2017-7974 was published May 17, 2022
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and... Critical Unreviewed
CVE-2015-8352 was published May 14, 2022
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a... Critical Unreviewed
CVE-2017-12943 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database