Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,758
Maven
5,000+
npm
4,364
NuGet
766
pip
4,132
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,222 advisories

Loading
mcp-server-git has missing path validation when using --repository flag Moderate
CVE-2025-68145 was published for mcp-server-git (pip) Dec 17, 2025
mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations Moderate
CVE-2025-68143 was published for mcp-server-git (pip) Dec 17, 2025
The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all... Moderate Unreviewed
CVE-2025-12496 was published Dec 17, 2025
WaveView client allows users to execute restricted set of predefined commands and scripts on the... Moderate Unreviewed
CVE-2025-65075 was published Dec 16, 2025
A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown... Moderate Unreviewed
CVE-2025-14702 was published Dec 15, 2025
A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown... Moderate Unreviewed
CVE-2025-14704 was published Dec 15, 2025
A weakness has been identified in atlaszz AI Photo Team Galleryit App 1.3.8.2 on Android. This... Moderate Unreviewed
CVE-2025-14698 was published Dec 15, 2025
A security vulnerability has been detected in Municorn FAX App 3.27.0 on Android. This... Moderate Unreviewed
CVE-2025-14699 was published Dec 15, 2025
A vulnerability has been found in Jehovahs Witnesses JW Library App up to 15.5.1 on Android.... Moderate Unreviewed
CVE-2025-14617 was published Dec 13, 2025
A parsing issue in the handling of directory paths was addressed with improved path validation.... Moderate Unreviewed
CVE-2025-43463 was published Dec 12, 2025
The Simple CSV Table plugin for WordPress is vulnerable to Directory Traversal in all versions up... Moderate Unreviewed
CVE-2025-12960 was published Dec 12, 2025
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to Path... Moderate Unreviewed
CVE-2025-13891 was published Dec 12, 2025
The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the ... Moderate Unreviewed
CVE-2025-13972 was published Dec 12, 2025
The WP Job Portal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to... Moderate Unreviewed
CVE-2025-14293 was published Dec 11, 2025
A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c.... Moderate Unreviewed
CVE-2025-14520 was published Dec 11, 2025
A security vulnerability has been detected in baowzh hfly up to... Moderate Unreviewed
CVE-2025-14521 was published Dec 11, 2025
Pyrofork has a Path Traversal in download_media Method Moderate
CVE-2025-67720 was published for pyrofork (pip) Dec 10, 2025
yueyueL
Credited to yueyueL
Jenkins Redpen - Pipeline Reporter for Jira Plugin has a path traversal vulnerability Moderate
CVE-2025-67643 was published for org.jenkinsci.plugins:pipeline-reporter-by-redpen (Maven) Dec 10, 2025
A lack of security checks in the file import process of RHOPHI Analytics LLP Office App-Edit Word... Moderate Unreviewed
CVE-2025-65814 was published Dec 10, 2025
A lack of security checks in the file import process of AB TECHNOLOGY Document Reader: PDF, DOC,... Moderate Unreviewed
CVE-2025-65815 was published Dec 10, 2025
The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions... Moderate Unreviewed
CVE-2025-13677 was published Dec 10, 2025
HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of... Moderate Unreviewed
CVE-2025-11531 was published Dec 9, 2025
An unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1... Moderate Unreviewed
CVE-2025-65287 was published Dec 9, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2025-14311 was published Dec 9, 2025
A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this... Moderate Unreviewed
CVE-2025-14224 was published Dec 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database