Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

7,184 advisories

Loading
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')... High Unreviewed
CVE-2025-5740 was published Jun 10, 2025
A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified... Moderate Unreviewed
CVE-2024-2318 was published Mar 8, 2024
OpenRefine vulnerable to zip slip in project import Moderate
CVE-2023-37476 was published for org.openrefine:main (Maven) Jul 18, 2023
stefan-schiller-sonarsource
A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose... High Unreviewed
CVE-2025-37100 was published Jun 10, 2025
Erxes Path Traversal vulnerability Moderate
CVE-2024-57189 was published for erxes (npm) Jun 10, 2025
Erxes Path Traversal vulnerability High
CVE-2024-57186 was published for erxes (npm) Jun 10, 2025
'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally. High Unreviewed
CVE-2025-47176 was published Jun 10, 2025
The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers... Critical Unreviewed
CVE-2023-6623 was published Jan 15, 2024
A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix... Moderate Unreviewed
CVE-2025-40592 was published Jun 12, 2025
HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter Moderate
CVE-2025-49138 was published for elmsln/haxcms (Composer) Jun 9, 2025
Indigo-10
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a... Moderate Unreviewed
CVE-2025-2048 was published Apr 1, 2025
setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write High
CVE-2025-47273 was published for setuptools (pip) May 19, 2025
SCH227
Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0... Critical Unreviewed
CVE-2025-46783 was published Jun 13, 2025
CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the ... Moderate Unreviewed
CVE-2025-32103 was published Apr 15, 2025
Salt vulnerable to directory traversal attack in minion file cache creation Moderate
CVE-2025-22238 was published for salt (pip) Jun 13, 2025
Salt allows arbitrary directory creation or file deletion Moderate
CVE-2025-22240 was published for salt (pip) Jun 13, 2025
Salt vulnerable to directory traversal attack in file receiving method Critical
CVE-2024-38824 was published for salt (pip) Jun 13, 2025
Solon Vulnerable to Directory Traversal Moderate
CVE-2025-46096 was published for org.noear:solon-faas-luffy (Maven) Jun 13, 2025
The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all... Moderate Unreviewed
CVE-2025-6070 was published Jun 14, 2025
The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-4187 was published Jun 14, 2025
The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to... Critical Unreviewed
CVE-2025-6065 was published Jun 14, 2025
A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows... High Unreviewed
CVE-2025-5964 was published Jun 15, 2025
A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to... Moderate Unreviewed
CVE-2025-6108 was published Jun 16, 2025
A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic.... Moderate Unreviewed
CVE-2025-6109 was published Jun 16, 2025
Liferay Portal path traversal vulnerability with the downloading and installation of Xuggler High
CVE-2025-3594 was published for com.liferay:com.liferay.server.admin.web (Maven) Jun 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database