Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,767
Maven
5,000+
npm
4,373
NuGet
770
pip
4,145
Pub
12
RubyGems
962
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

98 advisories

Loading
In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from... Moderate Unreviewed
CVE-2016-20023 was published Dec 5, 2025
app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site... Moderate Unreviewed
CVE-2025-66386 was published Nov 28, 2025
A Path Traversal vulnerability has been identified in the Email Security appliance allows an... Moderate Unreviewed
CVE-2025-40605 was published Nov 20, 2025
A vulnerability was found in code-projects Email Logging Interface 2.0. Affected is an unknown... Moderate Unreviewed
CVE-2025-13199 was published Nov 15, 2025
PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal Moderate
CVE-2025-64714 was published for privatebin/privatebin (Composer) Nov 14, 2025
esnard elrido
rugk
Credited to esnard, elrido, and rugk
Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00... Moderate Unreviewed
CVE-2025-46363 was published Oct 30, 2025
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4... Moderate Unreviewed
CVE-2025-60023 was published Oct 24, 2025
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4... Moderate Unreviewed
CVE-2025-59776 was published Oct 24, 2025
IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion... Moderate Unreviewed
CVE-2024-56340 was published Feb 28, 2025
A vulnerability in the `start_app_server` function of parisneo/lollms-webui V12 (Strawberry)... Moderate Unreviewed
CVE-2024-10019 was published Mar 20, 2025
The Slider Revolution plugin for WordPress is vulnerable to unauthorized access and modification... Moderate Unreviewed
CVE-2025-10249 was published Oct 9, 2025
Directory Traversal in Next.js Moderate
CVE-2020-5284 was published for next (npm) Mar 30, 2020
nncp before 8.12.0 allows path traversal (for reading or writing) during freqing and file saving... Moderate Unreviewed
CVE-2025-60020 was published Sep 24, 2025
The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote... Moderate Unreviewed
CVE-2025-9570 was published Sep 23, 2025
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload Moderate Unreviewed
CVE-2025-59456 was published Sep 17, 2025
A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7... Moderate Unreviewed
CVE-2025-53609 was published Sep 9, 2025
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7... Moderate Unreviewed
CVE-2025-25048 was published Sep 4, 2025
An authorized remote attacker can access files and directories outside the intended web root,... Moderate Unreviewed
CVE-2021-4459 was published Aug 27, 2025
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-8464 was published Aug 16, 2025
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0... Moderate Unreviewed
CVE-2024-40588 was published Aug 12, 2025
A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all... Moderate Unreviewed
CVE-2024-48892 was published Aug 12, 2025
Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code Moderate
CVE-2025-55013 was published for assemblyline-service-client (pip) Jul 25, 2025
serexp
Credited to serexp
A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to... Moderate Unreviewed
CVE-2025-51052 was published Aug 6, 2025
An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete... Moderate Unreviewed
CVE-2025-53082 was published Jul 29, 2025
Filemanager is vulnerable to Relative Path Traversal through filemanager.php Moderate
CVE-2025-46002 was published for simogeo/filemanager (Composer) Jul 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database