Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

428 advisories

Loading
MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction Moderate
CVE-2025-58162 was published for mobsf (pip) Sep 2, 2025
noname1337h1
Mattermost Fails to Sanitize File Names Moderate
CVE-2025-6465 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Fails to Sanitize Path Traversal Sequences Moderate
CVE-2025-8023 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Fails to Validate File Paths Moderate
CVE-2025-36530 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Dpanel has an arbitrary file read vulnerability Moderate
CVE-2025-53363 was published for github.com/donknap/dpanel (Go) Aug 22, 2025
LTLTLXEY
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat Moderate
CVE-2015-5174 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
anlakii
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat Moderate
CVE-2015-5345 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ anlakii
Craft CMS Potential Remote Code Execution via Twig SSTI Moderate
CVE-2025-57811 was published for craftcms/cms (Composer) Aug 25, 2025
singetu0096
vite-plugin-static-copy files not included in `src` are possible to access with a crafted request Moderate
CVE-2025-57753 was published for vite-plugin-static-copy (npm) Aug 21, 2025
ikkisoft
Copier's safe template has filesystem write access outside destination path Moderate
CVE-2025-55214 was published for copier (pip) Aug 18, 2025
sisp pawamoy
yajo
Spring Framework MVC Applications Path Traversal Vulnerability Moderate
CVE-2025-41242 was published for org.springframework:spring-webmvc (Maven) Aug 18, 2025
TinyScientist has Path Traversal Vulnerability in PDF Review Function (CWE-22) Moderate
CVE-2025-55149 was published for tiny-scientist (pip) Aug 11, 2025
OSV-SCALIBR's Container Image Unpacking Vulnerable to Arbitrary File Write via Path Traversal Moderate
CVE-2025-5981 was published for github.com/google/osv-scalibr (Go) Jun 18, 2025
Malayke
IPX Allows Path Traversal via Prefix Matching Bypass Moderate
CVE-2025-54387 was published for ipx (npm) Aug 4, 2025
dellalibera
Safearchive Path Traversal vulnerability Moderate
CVE-2024-10389 was published for github.com/google/safearchive (Go) Nov 4, 2024
Dagster Local File Inclusion vulnerability Moderate
CVE-2025-51481 was published for dagster (pip) Jul 22, 2025
Apache Jena allows users with administrator access to create databases files outside the files area of the Fuseki server Moderate
CVE-2025-49656 was published for org.apache.jena:jena-fuseki (Maven) Jul 21, 2025
Mattermost Path Traversal vulnerability Moderate
CVE-2025-6233 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
Measured is vulnerable to Path Traversal attacks during class initialization Moderate
GHSA-29g5-m8v7-v564 was published for measured (RubyGems) Jul 15, 2025
calysteon
DSpace is vulnerable to Path Traversal attacks when importing packages using Simple Archive Format Moderate
CVE-2025-53622 was published for org.dspace:dspace-api (Maven) Jul 15, 2025
MMilosz kshepherd
Dagster vulnerable to Path Traversal attack through its /logs endpoint Moderate
CVE-2023-51232 was published for dagster (pip) Jul 7, 2025
LlamaIndex vulnerability in its ObsidianReader class can lead to Path Traversal exploit Moderate
CVE-2025-6210 was published for llama-index-readers-obsidian (pip) Jul 7, 2025
Microweber CMS API has authenticated local file inclusion vulnerability Moderate
CVE-2025-34076 was published for microweber/microweber (Composer) Jul 2, 2025
python-a2a has a path traversal in the create_workflow function Moderate
CVE-2025-6167 was published for python-a2a (pip) Jun 17, 2025
HKUDS LightRAG allows Path Traversal via function upload_to_input_dir Moderate
CVE-2025-6773 was published for lightrag-hku (pip) Jun 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database