Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

63 advisories

Loading
alexusmai laravel-file-manager is vulnerable to Directory Traversal via the unzip/extraction functionality High
CVE-2025-65346 was published for alexusmai/laravel-file-manager (Composer) Dec 4, 2025
Grav vulnerable to Path traversal / arbitrary YAML write via user creation leading to Account Takeover / System Corruption High
CVE-2025-66295 was published for getgrav/grav (Composer) Dec 2, 2025
NicatAliyevh
Credited to NicatAliyevh
Grav is vulnerable to Arbitrary File Read High
CVE-2025-66300 was published for getgrav/grav (Composer) Dec 2, 2025
thanayut1750
Credited to thanayut1750
Magento Path Traversal vulnerability via the `theme[preview_image]` parameter High
CVE-2021-36031 was published for magento/community-edition (Composer) May 24, 2022
Magento Path Traversal vulnerability High
CVE-2024-39399 was published for magento/community-edition (Composer) Aug 14, 2024
Directory Traversal in Archive_Tar High
CVE-2020-36193 was published for pear/archive_tar (Composer) Apr 22, 2021
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI High
CVE-2024-52293 was published for craftcms/cms (Composer) Nov 13, 2024
rewhile
Credited to rewhile
raspap-webgui has a Directory Traversal vulnerability High
CVE-2025-44163 was published for billz/raspap-webgui (Composer) Jun 27, 2025
ThinkAdmin directory traversal vulnerability High
CVE-2020-25540 was published for zoujingli/thinkadmin (Composer) May 24, 2022
AnonySE26
Credited to AnonySE26
Luracast Restler directory traversal vulnerability High
CVE-2017-15363 was published for aoe/restler (Composer) May 13, 2022
MODX Revolution Directory Traversal Vulnerability High
CVE-2017-9067 was published for modx/revolution (Composer) May 17, 2022
GeSHi vulnerable to Directory Traversal High
CVE-2012-3521 was published for geshi/geshi (Composer) May 17, 2022
phpMyAdmin Directory Traversal vulnerability High
CVE-2011-2508 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Yeswiki Path Traversal vulnerability allows arbitrary read of files High
CVE-2025-31131 was published for yeswiki/yeswiki (Composer) Apr 1, 2025
masquerad3r
Credited to masquerad3r
Adobe Commerce Path Traversal High
CVE-2025-24406 was published for magento/community-edition (Composer) Feb 11, 2025
Browsershot Path Traversal High
CVE-2025-1022 was published for spatie/browsershot (Composer) Feb 5, 2025
DevDojo Voyager vulnerable to path traversal High
CVE-2024-55415 was published for tcg/voyager (Composer) Jan 30, 2025
Authenticated arbitrary file deletion in YesWiki High
CVE-2025-24019 was published for yeswiki/yeswiki (Composer) Jan 21, 2025
bWlrYQ Nishacid
Credited to bWlrYQ and Nishacid
Spatie Browsershot Directory Traversal vulnerability High
CVE-2024-21547 was published for spatie/browsershot (Composer) Dec 18, 2024
Craft CMS Arbitrary System File Read High
CVE-2024-52292 was published for craftcms/cms (Composer) Nov 13, 2024
pk2codes
Credited to pk2codes
Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution High
CVE-2024-52291 was published for craftcms/cms (Composer) Nov 13, 2024
senzee1984
Credited to senzee1984
Moodle has CSRF risk in Feedback non-respondents report High
CVE-2024-43434 was published for moodle/moodle (Composer) Nov 7, 2024
SQL injection in funadmin High
CVE-2024-48224 was published for funadmin/funadmin (Composer) Oct 25, 2024
Grav File Upload Path Traversal High
CVE-2024-27921 was published for getgrav/grav (Composer) Mar 22, 2024
richighimi
Credited to richighimi
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder High
CVE-2021-27916 was published for mautic/core (Composer) Apr 12, 2024
adiux mollux
Credited to adiux and mollux
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database