Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

127 advisories

Loading
internetarchive Vulnerable to Directory Traversal in File.download() Critical
CVE-2025-58438 was published for internetarchive (pip) Sep 5, 2025
pengowray
ThinkPHP Path Traversal Vulnerability Critical
CVE-2025-50706 was published for topthink/framework (Composer) Aug 5, 2025
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE) Critical
CVE-2025-54802 was published for pyload-ng (pip) Aug 4, 2025
ptrgits giteku
Apache Struts file upload logic is flawed Critical
CVE-2024-53677 was published for org.apache.struts:struts2-core (Maven) Dec 11, 2024
chximn-dt
Taylored webhook validation vulnerabilities Critical
GHSA-8g98-m4j9-qww5 was published for taylored (npm) Jun 18, 2025
OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint Critical
CVE-2025-28384 was published for openc3-cosmos-tool-iframe (RubyGems) Jun 13, 2025
Salt vulnerable to directory traversal attack in file receiving method Critical
CVE-2024-38824 was published for salt (pip) Jun 13, 2025
Apache Ivy does not verify target path when extracting the archive Critical
CVE-2022-37865 was published for org.apache.ivy:ivy (Maven) Nov 7, 2022
Alist vulnerable to Path Traversal Critical
CVE-2022-45969 was published for github.com/alist-org/alist/v3 (Go) Dec 16, 2022
ThinkPHP Framework vulnerable to remote code execution Critical
CVE-2022-47945 was published for topthink/framework (Composer) Dec 23, 2022
Remote code execution in mlflow Critical
CVE-2024-0520 was published for mlflow (pip) Jun 6, 2024
Blogifier does not properly restrict APIs Critical
CVE-2019-12277 was published for Blogifier.Core (NuGet) May 24, 2022
DB-GPT Absolute Path Traversal in knowledge/{space_name}/document/upload Critical
CVE-2024-10833 was published for dbgpt (pip) Mar 20, 2025
InvokeAI Arbitrary File Deletion vulnerability Critical
CVE-2024-11042 was published for InvokeAI (pip) Mar 20, 2025
Aim path traversal in LockManager.release_locks Critical
CVE-2024-8769 was published for aim (pip) Mar 20, 2025
AgentScope path traversal vulnerability in save-workflow Critical
CVE-2024-8551 was published for agentscope (pip) Mar 20, 2025
AgentScope path traversal vulnerability Critical
CVE-2024-8537 was published for agentscope (pip) Mar 20, 2025
MailDev Remote Code Execution Critical
CVE-2024-27448 was published for maildev (npm) Apr 5, 2024
stypr
Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account Critical
CVE-2025-27590 was published for oxidized-web (RubyGems) Mar 3, 2025
Mattermost allows reading arbitrary files Critical
CVE-2025-20051 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 24, 2025
Mattermost allows reading arbitrary files related to importing boards Critical
CVE-2025-25279 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 24, 2025
Path Traversal in Apache Shiro Critical
CVE-2023-34478 was published for org.apache.shiro:shiro-web (Maven) Jul 24, 2023
WhoDB has a path traversal opening Sqlite3 database Critical
CVE-2025-24786 was published for github.com/clidey/whodb/core (Go) Feb 6, 2025
nnsee modelorona
hkdeman
Deep Java Library path traversal issue Critical
CVE-2025-0851 was published for ai.djl:api (Maven) Jan 29, 2025
PaddlePaddle Path Traversal vulnerability Critical
CVE-2024-0818 was published for paddlepaddle (pip) Mar 7, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database