Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,698
Maven
5,000+
npm
4,325
NuGet
761
pip
4,099
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

7,407 advisories

Loading
Magento Path Traversal vulnerability via the `theme[preview_image]` parameter High
CVE-2021-36031 was published for magento/community-edition (Composer) May 24, 2022
Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via... Moderate Unreviewed
CVE-2025-34238 was published Nov 6, 2025
Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2025-12490 was published Nov 6, 2025
Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G... Moderate Unreviewed
CVE-2025-22397 was published Nov 6, 2025
Magento Path Traversal vulnerability High
CVE-2024-39399 was published for magento/community-edition (Composer) Aug 14, 2024
Argo Workflow has a Zipslip Vulnerability High
CVE-2025-62156 was published for github.com/argoproj/argo-workflows/v3 (Go) Oct 14, 2025
im-soohyun J1vvoo
Credited to im-soohyun and J1vvoo
Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function High
CVE-2025-54293 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Apache Jena allows users with administrator access to create databases files outside the files area of the Fuseki server Moderate
CVE-2025-49656 was published for org.apache.jena:jena-fuseki (Maven) Jul 21, 2025
A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker... Moderate Unreviewed
CVE-2025-20374 was published Nov 5, 2025
MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability High
CVE-2025-11201 was published for mlflow (pip) Oct 29, 2025
Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots (MiR) Software Versions... Moderate Unreviewed
CVE-2025-8749 was published Aug 8, 2025
Path traversal attack is possible and write outside of the intended directory and may access... High Unreviewed
CVE-2024-25567 was published Mar 22, 2024
UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability... Critical Unreviewed
CVE-2025-34154 was published Aug 13, 2025
A path traversal vulnerability in Commvault Command Center Innovation Release allows an... Critical Unreviewed
CVE-2025-34028 was published Apr 22, 2025
Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an... High Unreviewed
CVE-2024-13986 was published Aug 28, 2025
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting... High Unreviewed
CVE-2025-27210 was published Jul 19, 2025
A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15... Moderate Unreviewed
CVE-2025-34508 was published Jun 17, 2025
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging... High Unreviewed
CVE-2025-2749 was published Mar 24, 2025
A vulnerability has been identified in Node.js, specifically affecting the handling of drive... Moderate Unreviewed
CVE-2025-23084 was published Jan 28, 2025
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat High
CVE-2024-24749 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
Kai5174 sikeoka
jodygarnett
Credited to Kai5174, sikeoka, and jodygarnett
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma... Moderate Unreviewed
CVE-2024-23216 was published Mar 8, 2024
A path handling issue was addressed with improved validation. This issue is fixed in macOS... High Unreviewed
CVE-2023-42947 was published Mar 28, 2024
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine... Critical Unreviewed
CVE-2023-47211 was published Jan 8, 2024
Django Path Traversal vulnerability High
CVE-2024-39330 was published for Django (pip) Jul 10, 2024
sinatra does not validate expanded path matches High
CVE-2022-29970 was published for sinatra (RubyGems) May 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database