Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,698
Maven
5,000+
npm
4,325
NuGet
761
pip
4,099
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,228 advisories

Loading
PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method. High Unreviewed
CVE-2025-65838 was published Dec 1, 2025
Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S... High Unreviewed
CVE-2025-66251 was published Nov 26, 2025
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to... High Unreviewed
CVE-2025-13645 was published Dec 3, 2025
Grav vulnerable to Path traversal / arbitrary YAML write via user creation leading to Account Takeover / System Corruption High
CVE-2025-66295 was published for getgrav/grav (Composer) Dec 2, 2025
NicatAliyevh
Credited to NicatAliyevh
Gin-vue-admin has an arbitrary file deletion vulnerability High
CVE-2025-66410 was published for github.com/flipped-aurora/gin-vue-admin (Go) Dec 2, 2025
Keras Directory Traversal Vulnerability High
CVE-2025-12060 was published for keras (pip) Dec 2, 2025
ready-research
Credited to ready-research
Duplicate Advisory: Keras keras.utils.get_file API is vulnerable to a path traversal attack High
GHSA-28jp-44vh-q42h was published for keras (pip) Oct 30, 2025 withdrawn
Grav is vulnerable to Arbitrary File Read High
CVE-2025-66300 was published for getgrav/grav (Composer) Dec 2, 2025
thanayut1750
Credited to thanayut1750
Duplicate Advisory: Keras keras.utils.get_file API is vulnerable to a path traversal attack High
CVE-2025-12638 was published for Keras (pip) Nov 28, 2025 withdrawn
SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides... High Unreviewed
CVE-2025-63365 was published Dec 1, 2025
Improper input sanitization in the file archives upload functionality of Eaton Galileo software... High Unreviewed
CVE-2025-59890 was published Nov 27, 2025
Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution High
CVE-2025-54386 was published for github.com/traefik/traefik/v2 (Go) Aug 1, 2025
odaysec
Credited to odaysec
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations High
CVE-2025-62725 was published for github.com/docker/compose/v2 (Go) Oct 27, 2025
masasron shaked-seal
Credited to masasron and shaked-seal
esm.sh CDN service has arbitrary file write via tarslip High
CVE-2025-65025 was published for github.com/esm-dev/esm.sh (Go) Nov 19, 2025
pyozzi-toss
Credited to pyozzi-toss
Traefik has a possible vulnerability with its path matchers High
CVE-2025-32431 was published for github.com/traefik/traefik (Go) Apr 21, 2025
UnForm Server versions < 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion... High Unreviewed
CVE-2025-34350 was published Nov 25, 2025
A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated... High Unreviewed
CVE-2025-12003 was published Nov 25, 2025
An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute... High Unreviewed
CVE-2025-60915 was published Nov 24, 2025
A low privileged remote attacker can upload a new or overwrite an existing python script by using... High Unreviewed
CVE-2025-41736 was published Nov 18, 2025
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled... High Unreviewed
CVE-2025-8941 was published Aug 13, 2025
Milos Paripovic OneCommander 3.102.0.0 is vulnerable to Directory Traversal. The vulnerability... High Unreviewed
CVE-2025-63371 was published Nov 19, 2025
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2025-11001 was published Nov 20, 2025
A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL... High Unreviewed
CVE-2025-34048 was published Jun 26, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-60242 was published Nov 6, 2025
Malicious URL drafting attack against iodines static file server may allow path traversal High
CVE-2024-22050 was published for iodine (RubyGems) Oct 7, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database