GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,835
Composer 4,870
Erlang 36
GitHub Actions 36
Go 2,493
Maven 5,926
npm 4,126
NuGet 735
pip 3,943
Pub 12
RubyGems 945
Rust 1,021
Swift 39

Unreviewed advisories

All unreviewed 269,195

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

7,176 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed

CVE-2025-49303 was published Jul 4, 2025

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed

CVE-2025-28980 was published Jul 4, 2025

The JKDEVKIT plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient... High Unreviewed

CVE-2025-2932 was published Jul 3, 2025

Microweber CMS API has authenticated local file inclusion vulnerability Moderate

CVE-2025-34076 was published for microweber/microweber (Composer) Jul 2, 2025

The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient... High Unreviewed

CVE-2025-4946 was published Jul 2, 2025

Path traversal in WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote... High Unreviewed

CVE-2025-27022 was published Jul 2, 2025

Sending a crafted SOAP "provision" operation message PlanId field within the Mobile Network... Moderate Unreviewed

CVE-2025-24330 was published Jul 2, 2025

Sending a crafted SOAP "provision" operation message archive field within the Mobile Network... Moderate Unreviewed

CVE-2025-24329 was published Jul 2, 2025

The Home Villas | Real Estate WordPress Theme theme for WordPress is vulnerable to arbitrary file... High Unreviewed

CVE-2025-5014 was published Jul 2, 2025

@modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix High

CVE-2025-53110 was published for @modelcontextprotocol/server-filesystem (npm) Jul 1, 2025

A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646. High Unreviewed

CVE-2025-37098 was published Jul 1, 2025

Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote... High Unreviewed

CVE-2025-34058 was published Jul 1, 2025

A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical.... Moderate Unreviewed

CVE-2025-6925 was published Jun 30, 2025

A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. This... Moderate Unreviewed

CVE-2025-6866 was published Jun 29, 2025

A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0... Moderate Unreviewed

CVE-2025-6854 was published Jun 29, 2025

A vulnerability, which was classified as critical, has been found in chatchat-space Langchain... Moderate Unreviewed

CVE-2025-6855 was published Jun 29, 2025

A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to... Moderate Unreviewed

CVE-2025-6853 was published Jun 29, 2025

The Game Users Share Buttons plugin for WordPress is vulnerable to arbitrary file deletion due to... High Unreviewed

CVE-2025-6755 was published Jun 28, 2025

The BeeTeam368 Extensions Pro plugin for WordPress is vulnerable to Directory Traversal in all... High Unreviewed

CVE-2025-6379 was published Jun 28, 2025

A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been rated as critical.... Moderate Unreviewed

CVE-2025-6774 was published Jun 27, 2025

A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7.... Moderate Unreviewed

CVE-2025-6776 was published Jun 27, 2025

HKUDS LightRAG allows Path Traversal via function upload_to_input_dir Moderate

CVE-2025-6773 was published for lightrag-hku (pip) Jun 27, 2025

A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical.... Moderate Unreviewed

CVE-2025-6772 was published Jun 27, 2025

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed

CVE-2025-53298 was published Jun 27, 2025

raspap-webgui has a Directory Traversal vulnerability High

CVE-2025-44163 was published for billz/raspap-webgui (Composer) Jun 27, 2025

Previous 1…10…288 Next

Previous 1 2 … 8 9 10 11 12 … 287 288 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

7,176 advisories