Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,759
Maven
5,000+
npm
4,365
NuGet
767
pip
4,133
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,222 advisories

Loading
vite allows server.fs.deny bypass via backslash on Windows Moderate
CVE-2025-62522 was published for vite (npm) Oct 20, 2025
minhnb11 bluwy
Credited to minhnb11 and bluwy
A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the... Moderate Unreviewed
CVE-2025-11941 was published Oct 19, 2025
A vulnerability was determined in ChurchCRM up to 5.18.0. This issue affects some unknown... Moderate Unreviewed
CVE-2025-11939 was published Oct 19, 2025
A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by... Moderate Unreviewed
CVE-2025-11913 was published Oct 17, 2025
A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this... Moderate Unreviewed
CVE-2025-11914 was published Oct 17, 2025
Mammoth is vulnerable to Directory Traversal Moderate
CVE-2025-11849 was published for Mammoth (Maven) Oct 17, 2025
PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure Moderate
CVE-2025-61923 was published for prestashop/ps_checkout (Composer) Oct 16, 2025
iNem0o
Credited to iNem0o
Smidge is vulnerable to Path Traversal Moderate
CVE-2025-11842 was published for Smidge (NuGet) Oct 16, 2025
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability ... Moderate Unreviewed
CVE-2025-53951 was published Oct 16, 2025
A directory traversal vulnerability exists in TMUI that allows an authenticated attacker to... Moderate Unreviewed
CVE-2025-54755 was published Oct 15, 2025
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and... Moderate Unreviewed
CVE-2025-37144 was published Oct 14, 2025
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and... Moderate Unreviewed
CVE-2025-37145 was published Oct 14, 2025
Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4... Moderate Unreviewed
CVE-2025-10986 was published Oct 14, 2025
SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web... Moderate Unreviewed
CVE-2025-42906 was published Oct 14, 2025
A vulnerability was determined in RainyGao DocSys up to 2.02.36. Affected by this vulnerability... Moderate Unreviewed
CVE-2025-11631 was published Oct 12, 2025
A vulnerability was found in RainyGao DocSys up to 2.02.36. Affected is the function... Moderate Unreviewed
CVE-2025-11630 was published Oct 12, 2025
A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element... Moderate Unreviewed
CVE-2025-11607 was published Oct 11, 2025
The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in... Moderate Unreviewed
CVE-2025-9950 was published Oct 11, 2025
Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers... Moderate Unreviewed
CVE-2025-21048 was published Oct 10, 2025
Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an... Moderate Unreviewed
CVE-2025-35056 was published Oct 9, 2025
Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying... Moderate Unreviewed
CVE-2025-35053 was published Oct 9, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Moderate Unreviewed
CVE-2025-43934 was published Oct 7, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Moderate Unreviewed
CVE-2025-43889 was published Oct 7, 2025
A client-side path traversal vulnerability was discovered in the web management interface front... Moderate Unreviewed
CVE-2025-3718 was published Oct 7, 2025
Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W... Moderate Unreviewed
CVE-2025-60969 was published Oct 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database