Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

296 advisories

Loading
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4... Moderate Unreviewed
CVE-2025-59776 was published Oct 24, 2025
A relative path traversal vulnerability was discovered in Productivity Suite software version 4... High Unreviewed
CVE-2025-58078 was published Oct 24, 2025
A relative path traversal vulnerability was discovered in Productivity Suite software version 4... High Unreviewed
CVE-2025-58456 was published Oct 24, 2025
Agentflow developed by Flowring has an Arbitrary File Reading vulnerability, allowing... High Unreviewed
CVE-2025-11898 was published Oct 17, 2025
Argo Workflow has a Zipslip Vulnerability High
CVE-2025-62156 was published for github.com/argoproj/argo-workflows/v3 (Go) Oct 14, 2025
im-soohyun Credited to im-soohyun and J1vvoo J1vvoo J1vvoo
The Slider Revolution plugin for WordPress is vulnerable to unauthorized access and modification... Moderate Unreviewed
CVE-2025-10249 was published Oct 9, 2025
In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written... Low Unreviewed
CVE-2025-62187 was published Oct 7, 2025
Django vulnerable to partial directory traversal via archives Low
CVE-2025-59682 was published for django (pip) Oct 1, 2025
nncp before 8.12.0 allows path traversal (for reading or writing) during freqing and file saving... Moderate Unreviewed
CVE-2025-60020 was published Sep 24, 2025
The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote... Moderate Unreviewed
CVE-2025-9570 was published Sep 23, 2025
esm.sh has File Inclusion issue High
CVE-2025-59341 was published for github.com/esm-dev/esm.sh (Go) Sep 17, 2025
j3ssie Credited to j3ssie
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload Moderate Unreviewed
CVE-2025-59456 was published Sep 17, 2025
A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker... Critical Unreviewed
CVE-2025-55115 was published Sep 16, 2025
Relative path traversal vulnerability due to improper input validation in Digilent WaveForms that... High Unreviewed
CVE-2025-10203 was published Sep 15, 2025
Vite's `server.fs` settings were not applied to HTML files Low
CVE-2025-58752 was published for vite (npm) Sep 9, 2025
orihjfrog Credited to orihjfrog and dominikg dominikg dominikg
A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7... Moderate Unreviewed
CVE-2025-53609 was published Sep 9, 2025
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7... Moderate Unreviewed
CVE-2025-25048 was published Sep 4, 2025
XWiki configuration files can be accessed through jsx and sx endpoints Critical
CVE-2025-55748 was published for org.xwiki.platform:xwiki-platform-skin-skinx (Maven) Sep 3, 2025
XWiki configuration files can be accessed through the webjars API Critical
CVE-2025-55747 was published for org.xwiki.platform:xwiki-platform-webjars-api (Maven) Sep 3, 2025
Opencast has a partial path traversal vulnerability in UI config Low
CVE-2025-55202 was published for org.opencastproject:opencast-user-interface-configuration (Maven) Aug 29, 2025
odaysec Credited to odaysec and lkiesow lkiesow lkiesow
The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing... High Unreviewed
CVE-2025-9639 was published Aug 29, 2025
An authorized remote attacker can access files and directories outside the intended web root,... Moderate Unreviewed
CVE-2021-4459 was published Aug 27, 2025
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-8464 was published Aug 16, 2025
A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all... Moderate Unreviewed
CVE-2024-48892 was published Aug 12, 2025
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0... Moderate Unreviewed
CVE-2024-40588 was published Aug 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database