Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,943
Erlang
39
GitHub Actions
38
Go
2,603
Maven
5,000+
npm
4,250
NuGet
755
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

328 advisories

Loading
vite allows server.fs.deny bypass via backslash on Windows Moderate
CVE-2025-62522 was published for vite (npm) Oct 20, 2025
minhnb11 bluwy
Credited to minhnb11 and bluwy
Mammoth is vulnerable to Directory Traversal Moderate
CVE-2025-11849 was published for Mammoth (Maven) Oct 17, 2025
Flowise is vulnerable to arbitrary file exposure through its ReadFileTool High
GHSA-j44m-5v8f-gc9c was published for flowise (npm) Oct 10, 2025
XlabAITeam
Credited to XlabAITeam
Withdrawn Advisory: cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations Low
CVE-2025-11569 was published for cross-zip (npm) Oct 10, 2025 withdrawn
MarshallOfSound
Credited to MarshallOfSound
Flowise is vulnerable to arbitrary file write through its WriteFileTool Critical
CVE-2025-61913 was published for flowise (npm) Oct 9, 2025
XlabAITeam
Credited to XlabAITeam
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball High
CVE-2025-59343 was published for tar-fs (npm) Sep 24, 2025
lukaselmer cai0duque
Credited to lukaselmer and cai0duque
Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival Low
CVE-2025-59414 was published for nuxt (npm) Sep 17, 2025
apyatko
Credited to apyatko
Flowise has arbitrary file access due to missing chat flow id validation Critical
GHSA-q67q-549q-p849 was published for flowise (npm) Sep 15, 2025
rpie9
Credited to rpie9
Vite middleware may serve files starting with the same name with the public directory Low
CVE-2025-58751 was published for vite (npm) Sep 9, 2025
orihjfrog lukeed
Credited to orihjfrog and lukeed
vite-plugin-static-copy files not included in `src` are possible to access with a crafted request Moderate
CVE-2025-57753 was published for vite-plugin-static-copy (npm) Aug 21, 2025
ikkisoft
Credited to ikkisoft
Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access High
CVE-2025-54794 was published for @anthropic-ai/claude-code (npm) Aug 4, 2025
IPX Allows Path Traversal via Prefix Matching Bypass Moderate
CVE-2025-54387 was published for ipx (npm) Aug 4, 2025
dellalibera
Credited to dellalibera
files-bucket-server vulnerable to Directory Traversal High
CVE-2025-8021 was published for files-bucket-server (npm) Jul 23, 2025
lirantal
Credited to lirantal
@modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix High
CVE-2025-53110 was published for @modelcontextprotocol/server-filesystem (npm) Jul 1, 2025
Taylored webhook validation vulnerabilities Critical
GHSA-8g98-m4j9-qww5 was published for taylored (npm) Jun 18, 2025
Erxes Path Traversal vulnerability High
CVE-2024-57186 was published for erxes (npm) Jun 10, 2025
Erxes Path Traversal vulnerability Moderate
CVE-2024-57189 was published for erxes (npm) Jun 10, 2025
tar-fs can extract outside the specified dir with a specific tarball High
CVE-2025-48387 was published for tar-fs (npm) Jun 3, 2025
auth-js Vulnerable to Insecure Path Routing from Malformed User Input Low
CVE-2025-48370 was published for @supabase/auth-js (npm) May 27, 2025
kos0ng
Credited to kos0ng
Vite's server.fs.deny bypassed with /. for files under project root Moderate
CVE-2025-46565 was published for vite (npm) Apr 30, 2025
chienhm
Credited to chienhm
tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File High
CVE-2024-12905 was published for tar-fs (npm) Mar 27, 2025
pcreager23 AryazE
Credited to pcreager23 and AryazE
Mockoon has a Path Traversal and LFI in the static file serving endpoint High
CVE-2025-59049 was published for @mockoon/cli (npm) Mar 11, 2025
RisingZero
Credited to RisingZero
Vitest browser mode serves arbitrary files Moderate
CVE-2025-24963 was published for @vitest/browser (npm) Feb 4, 2025
sapphi-red
Credited to sapphi-red
path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability Critical
CVE-2024-56198 was published for path-sanitizer (npm) Jan 2, 2025
realArcherL
Credited to realArcherL
uptime-kuma vulnerable to Local File Inclusion (LFI) via Improper URL Handling in `Real-Browser` monitor Moderate
CVE-2024-56331 was published for uptime-kuma (npm) Dec 20, 2024
griisemine
Credited to griisemine
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database