GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
7,335 advisories
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file...
High, Unreviewed
CVE-2025-62630 was published on Nov 7, 2025

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file...
High, Unreviewed
CVE-2025-59171 was published on Nov 7, 2025

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file...
High, Unreviewed
CVE-2025-58423 was published on Nov 7, 2025

KubeVirt Arbitrary Container File Read
Moderate
CVE-2025-64433 was published for github.com/kubevirt/kubevirt (Go) on Nov 6, 2025

Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This...
High, Unreviewed
CVE-2025-12490 was published on Nov 6, 2025

Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via...
Moderate, Unreviewed
CVE-2025-34238 was published on Nov 6, 2025

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G...
Moderate, Unreviewed
CVE-2025-22397 was published on Nov 6, 2025

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Unknown, Unreviewed
CVE-2025-60242 was published on Nov 6, 2025

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker...
Moderate, Unreviewed
CVE-2025-20374 was published on Nov 5, 2025

Kgateway transformation policy template can emit files from the container
Low
GHSA-5pmx-7r6r-wfqq was published for github.com/kgateway-dev/kgateway/v2 (Go) on Nov 4, 2025

Dosage vulnerable to a Directory Traversal through crafted HTTP responses
High
CVE-2025-64184 was published for dosage (pip) on Nov 4, 2025

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution ...
Critical, Unreviewed
CVE-2025-12493 was published on Nov 4, 2025

A parsing issue in the handling of directory paths was addressed with improved path validation....
Moderate, Unreviewed
CVE-2025-43382 was published on Nov 4, 2025

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to...
High, Unreviewed
CVE-2025-50735 was published on Nov 3, 2025

A security flaw has been discovered in jeecgboot jeewx-boot up to...
Moderate, Unreviewed
CVE-2025-12626 was published on Nov 3, 2025

The Zombify plugin for WordPress is vulnerable to Path Traversal in all versions up to, and...
Moderate, Unreviewed
CVE-2025-8385 was published on Oct 31, 2025

The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all...
High, Unreviewed
CVE-2025-10897 was published on Oct 31, 2025

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to...
High, Unreviewed
CVE-2025-3355 was published on Oct 30, 2025

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to...
High, Unreviewed
CVE-2025-3356 was published on Oct 30, 2025

Keras keras.utils.get_file API is vulnerable to a path traversal attack
High
CVE-2025-12060 was published for keras (pip) on Oct 30, 2025

Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability. This...
Moderate, Unreviewed
CVE-2025-11466 was published on Oct 29, 2025

MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability
High
CVE-2025-11201 was published for mlflow (pip) on Oct 29, 2025

Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on...
Critical, Unreviewed
CVE-2025-12422 was published on Oct 28, 2025

Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
High
CVE-2025-62725 was published for github.com/docker/compose/v2 (Go) on Oct 27, 2025

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to...
High, Unreviewed
CVE-2025-27222 was published on Oct 27, 2025