GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
7,187 advisories
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE...
Moderate | Unreviewed | CVE-2023-7207 was published Feb 29, 2024
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can...
High | Unreviewed | CVE-2025-32820 was published May 7, 2025
A path traversal vulnerability in Commvault Command Center Innovation Release allows an...
Critical | Unreviewed | CVE-2025-34028 was published Apr 22, 2025
Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly, which allows...
Moderate | Unreviewed | CVE-2020-17385 was published May 24, 2022
OpenStack Ironic fails to restrict paths used for file:// image URLs
Low | CVE-2025-44021 was published for ironic (pip) May 8, 2025
The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin...
High | Unreviewed | CVE-2025-4206 was published May 9, 2025
The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to,...
Moderate | Unreviewed | CVE-2025-3897 was published May 9, 2025
The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for...
High | Unreviewed | CVE-2025-2158 was published May 10, 2025
A vulnerability was found in vector4wang spring-boot-quick up to 20250422. It has been rated as...
Moderate | Unreviewed | CVE-2025-4511 was published May 10, 2025
A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. It has been...
Moderate | Unreviewed | CVE-2025-4530 was published May 11, 2025
A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been...
Moderate | Unreviewed | CVE-2025-4529 was published May 11, 2025
A vulnerability was found in CTCMS Content Management System 2.1.2. It has been classified as...
Moderate | Unreviewed | CVE-2025-4545 was published May 11, 2025
opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage...
Moderate | Unreviewed | CVE-2025-28099 was published Apr 21, 2025
A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits...
High | Unreviewed | CVE-2024-4982 was published May 12, 2025
sudo-rs Session File Relative Path Traversal vulnerability
Low | CVE-2023-42456 was published for sudo-rs (Rust) Sep 21, 2023
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9...
Critical | Unreviewed | CVE-2025-4632 was published May 13, 2025
Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all...
High | Unreviewed | CVE-2022-3060 was published Oct 17, 2022
Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an...
High | Unreviewed | CVE-2024-6648 was published May 8, 2025
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an...
Critical | Unreviewed | CVE-2025-30387 was published May 13, 2025
Kirby vulnerable to path traversal of collection names during file system lookup
Moderate | CVE-2025-31493 was published for getkirby/cms (Composer) May 13, 2025
Kirby vulnerable to path traversal in the router for PHP's built-in server
Low | CVE-2025-30207 was published for getkirby/cms (Composer) May 13, 2025
Kirby vulnerable to path traversal of snippet names in the `snippet()` helper
Moderate | CVE-2025-30159 was published for getkirby/kirby (Composer) May 13, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation...
Moderate | Unreviewed | CVE-2025-43566 was published May 13, 2025
An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a...
Moderate | Unreviewed | CVE-2025-45239 was published May 5, 2025
upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerability
High | Unreviewed | CVE-2025-28055 was published May 13, 2025
ProTip! Advisories are also available from the GraphQL API.