Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

7,176 advisories

Loading
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-54021 was published Aug 20, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-48158 was published Aug 20, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2025-47650 was published Aug 20, 2025
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion... High Unreviewed
CVE-2025-8141 was published Aug 20, 2025
A Path Traversal vulnerability in AllSky v2023.05.01_04 allows an unauthenticated attacker to... Critical Unreviewed
CVE-2024-44373 was published Aug 19, 2025
Copier's safe template has filesystem write access outside destination path Moderate
CVE-2025-55214 was published for copier (pip) Aug 18, 2025
sisp pawamoy
yajo
Copier's safe template has arbitrary filesystem read/write access High
CVE-2025-55201 was published for copier (pip) Aug 18, 2025
sisp pawamoy
yajo
Spring Framework MVC Applications Path Traversal Vulnerability Moderate
CVE-2025-41242 was published for org.springframework:spring-webmvc (Maven) Aug 18, 2025
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File... High Unreviewed
CVE-2025-3671 was published Aug 16, 2025
The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory... High Unreviewed
CVE-2025-7641 was published Aug 15, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2025-54715 was published Aug 14, 2025
Python-Future Module Arbitrary Code Execution via Unintended Import of test.py High
CVE-2025-50817 was published for future (pip) Aug 14, 2025
BarrensZeppelin
Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via... Critical Unreviewed
CVE-2012-10054 was published Aug 13, 2025
UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability... Critical Unreviewed
CVE-2025-34154 was published Aug 13, 2025
QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to... Critical Unreviewed
CVE-2011-10010 was published Aug 13, 2025
S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p... High Unreviewed
CVE-2011-10009 was published Aug 13, 2025
NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component,... High Unreviewed
CVE-2025-23304 was published Aug 13, 2025
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled... High Unreviewed
CVE-2025-8941 was published Aug 13, 2025
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability,... High Unreviewed
CVE-2025-8912 was published Aug 13, 2025
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability,... High Unreviewed
CVE-2025-8909 was published Aug 13, 2025
Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory... Moderate Unreviewed
CVE-2025-0818 was published Aug 13, 2025
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability ... Moderate Unreviewed
CVE-2024-52964 was published Aug 12, 2025
Improper authentication in Azure Stack allows an unauthorized attacker to disclose information... High Unreviewed
CVE-2025-53793 was published Aug 12, 2025
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and... Moderate Unreviewed
CVE-2025-49559 was published Aug 12, 2025
The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to,... Moderate Unreviewed
CVE-2025-8081 was published Aug 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database