Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,810
Erlang
36
GitHub Actions
31
Go
2,395
Maven
5,000+
npm
4,030
NuGet
721
pip
3,820
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,069 advisories

Loading
ThinkAdmin directory traversal vulnerability High
CVE-2020-25540 was published for zoujingli/thinkadmin (Composer) May 24, 2022
AnonySE26
PNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. This allows... High Unreviewed
CVE-2025-40629 was published May 16, 2025
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated... High Unreviewed
CVE-2023-38950 was published Aug 4, 2023
VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with... High Unreviewed
CVE-2025-41229 was published May 20, 2025
tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File High
CVE-2024-12905 was published for tar-fs (npm) Mar 27, 2025
pcreager23
Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This... High Unreviewed
CVE-2025-3884 was published May 22, 2025
Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2025-3486 was published May 22, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-31053 was published May 23, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-47492 was published May 23, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-47512 was published May 23, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-47603 was published May 23, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-47535 was published May 23, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-48273 was published May 23, 2025
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185) High
GHSA-7x4w-cj9r-h4v9 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Spring Framework Path Traversal vulnerability High
CVE-2024-38819 was published for org.springframework:spring-webflux (Maven) Dec 19, 2024
joshbressers
Safe Software FME Server v2022.0.1.1 and below was discovered to contain a Path Traversal... High Unreviewed
CVE-2022-38340 was published Sep 21, 2022
Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7,... High Unreviewed
CVE-2024-23182 was published Jan 23, 2024
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions ... High Unreviewed
CVE-2024-27199 was published Mar 4, 2024
An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the writing... High Unreviewed
CVE-2021-32016 was published May 24, 2022
The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to,... High Unreviewed
CVE-2025-4857 was published May 31, 2025
Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain... High Unreviewed
CVE-2025-27956 was published Jun 2, 2025
tar-fs can extract outside the specified dir with a specific tarball High
CVE-2025-48387 was published for tar-fs (npm) Jun 3, 2025
A directory traversal vulnerability exists in the PVMP package unpacking functionality of... High Unreviewed
CVE-2025-31359 was published Jun 3, 2025
HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it... High Unreviewed
CVE-2023-45722 was published Jan 3, 2024
Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path... High Unreviewed
CVE-2023-50916 was published Jan 10, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database