GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,215 advisories

Path traversal in atlasboard High
CVE-2021-39109 was published for atlasboard (npm) Sep 2, 2021
AryazE
tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File High
CVE-2024-12905 was published for tar-fs (npm) Mar 27, 2025
pcreager23 AryazE
xml2rfc is vulnerable to arbitrary file reads through prepped files High
CVE-2025-11059 was published for xml2rfc (pip) Sep 10, 2025
xml2rfc has an arbitrary file read vulnerability High
CVE-2025-11058 was published for xml2rfc (pip) Aug 26, 2025
node-static and @nubosoftware/node-static vulnerable to Directory Traversal High
CVE-2023-26111 was published for @nubosoftware/node-static (npm) Mar 6, 2023
lirantal
files-bucket-server vulnerable to Directory Traversal High
CVE-2025-8021 was published for files-bucket-server (npm) Jul 23, 2025
lirantal
m.static Directory Traversal vulnerability High
CVE-2023-26126 was published for m.static (npm) May 10, 2023
lirantal
Python-Future Module Arbitrary Code Execution via Unintended Import of test.py High
CVE-2025-50817 was published for future (pip) Aug 14, 2025
BarrensZeppelin
static-server Path Traversal vulnerability High
CVE-2023-26152 was published for static-server (npm) Oct 3, 2023
lirantal
MONAI does not prevent path traversal, potentially leading to arbitrary file writes High
CVE-2025-58755 was published for monai (pip) Sep 9, 2025
h3rrr
Mattermost Path Traversal vulnerability High
CVE-2025-9079 was published for github.com/mattermost/mattermost-server (Go) Sep 19, 2025
DragonFly vulnerable to arbitrary file read and write on a peer machine Moderate
CVE-2025-59352 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Servst vulnerable to Path Traversal High
CVE-2022-25936 was published for servst (npm) Jan 30, 2023
lirantal
ml-logger has path traversal in the file argument Moderate
CVE-2025-10951 was published for ml-logger (pip) Sep 25, 2025
podman kube play symlink traversal vulnerability High
CVE-2025-9566 was published for github.com/containers/podman/v4 (Go) Sep 4, 2025
Luap99
InvokeAI has External Control of File Name or Path Critical
CVE-2025-6237 was published for invokeai (pip) Sep 18, 2025
cai0duque
astral-tokio-tar has a path traversal in tar extraction Moderate
CVE-2025-59825 was published for astral-tokio-tar (Rust) Sep 23, 2025
calebbrown woodruffw charliermarsh zanieb
Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival Low
CVE-2025-59414 was published for nuxt (npm) Sep 17, 2025
apyatko
Langchain-Chatchat has a Path Traversal vulnerability Low
CVE-2025-6853 was published for langchain-chatchat (pip) Jun 29, 2025
Flowise has arbitrary file access due to missing chat flow id validation Critical
GHSA-q67q-549q-p849 was published for flowise (npm) Sep 15, 2025
rpie9
Mockoon has a Path Traversal and LFI in the static file serving endpoint High
CVE-2025-59049 was published for @mockoon/cli (npm) Mar 11, 2025
RisingZero
internetarchive Vulnerable to Directory Traversal in File.download() Critical
CVE-2025-58438 was published for internetarchive (pip) Sep 5, 2025
pengowray
Vite middleware may serve files starting with the same name with the public directory Low
CVE-2025-58751 was published for vite (npm) Sep 9, 2025
orihjfrog lukeed
Path Traversal in Liferay Portal High
CVE-2022-42123 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022