GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,690
Maven: 5,000+
npm: 4,320
NuGet: 760
pip: 4,096
Pub: 12
RubyGems: 958
Rust: 1,063
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
691 advisories
Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S...
Critical, Unreviewed. CVE-2025-66262 was published Nov 26, 2025

An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by...
Critical, Unreviewed. CVE-2025-59366 was published Nov 25, 2025

A Directory Traversal vulnerability was found in the Application Server of Desktop Alert...
Critical, Unreviewed. CVE-2025-54347 was published Nov 25, 2025

BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly...
Critical, Unreviewed. CVE-2025-34320 was published Nov 20, 2025

A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious...
Critical, Unreviewed. CVE-2025-40549 was published Nov 18, 2025

N-central < 2025.4 is vulnerable to authentication bypass via path traversal
Critical, Unreviewed. CVE-2025-11366 was published Nov 12, 2025

Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on...
Critical, Unreviewed. CVE-2025-12422 was published Oct 28, 2025

UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability...
Critical, Unreviewed. CVE-2025-34154 was published Aug 13, 2025

A path traversal vulnerability in Commvault Command Center Innovation Release allows an...
Critical, Unreviewed. CVE-2025-34028 was published Apr 22, 2025

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine...
Critical, Unreviewed. CVE-2023-47211 was published Jan 8, 2024

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution ...
Critical, Unreviewed. CVE-2025-12493 was published Nov 4, 2025

A path handling issue was addressed with improved validation. This issue is fixed in visionOS 2.4...
Critical, Unreviewed. CVE-2025-30429 was published Apr 1, 2025

Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of...
Critical, Unreviewed. CVE-2024-39787 was published Jan 14, 2025

Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of...
Critical, Unreviewed. CVE-2024-39786 was published Jan 14, 2025

Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In...
Critical, Unreviewed. CVE-2023-39332 was published Oct 18, 2023

A path traversal vulnerability in Novakon P series allows to expose the root file system "/" and...
Critical, Unreviewed. CVE-2025-9963 was published Sep 23, 2025

OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative...
Critical, Unreviewed. CVE-2022-2120 was published Jun 25, 2022

OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path...
Critical, Unreviewed. CVE-2022-2119 was published Jun 25, 2022

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component:...
Critical, Unreviewed. CVE-2025-61882 was published Oct 5, 2025

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper...
Critical, Unreviewed. CVE-2025-27920 was published May 5, 2025

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9...
Critical, Unreviewed. CVE-2025-4632 was published May 13, 2025

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12...
Critical, Unreviewed. CVE-2024-7262 was published Aug 15, 2024

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. This...
Critical, Unreviewed. CVE-2022-29464 was published Apr 20, 2022

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <=...
Critical, Unreviewed. CVE-2021-20090 was published May 24, 2022

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to...
Critical, Unreviewed. CVE-2024-8963 was published Sep 19, 2024
ProTip! Advisories are also available from the GraphQL API.