Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,809
Erlang
36
GitHub Actions
31
Go
2,393
Maven
5,000+
npm
4,026
NuGet
720
pip
3,818
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

779 advisories

Loading
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an... Critical Unreviewed
CVE-2025-30387 was published May 13, 2025
The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2025-4564 was published May 15, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2025-32926 was published May 19, 2025
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper... Critical Unreviewed
CVE-2025-27920 was published May 5, 2025
Improper limitation of pathname in Circuit Provisioning and File Import applications allows... Critical Unreviewed
CVE-2025-48017 was published May 20, 2025
The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is... Critical Unreviewed
CVE-2025-4524 was published May 21, 2025
A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files... Critical Unreviewed
CVE-2023-38951 was published Aug 4, 2023
Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions ... Critical Unreviewed
CVE-2024-12718 was published Jun 3, 2025
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter... Critical Unreviewed
CVE-2025-4517 was published Jun 3, 2025
The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers... Critical Unreviewed
CVE-2023-6623 was published Jan 15, 2024
Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0... Critical Unreviewed
CVE-2025-46783 was published Jun 13, 2025
Salt vulnerable to directory traversal attack in file receiving method Critical
CVE-2024-38824 was published for salt (pip) Jun 13, 2025
The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to... Critical Unreviewed
CVE-2025-6065 was published Jun 14, 2025
OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint Critical
CVE-2025-28384 was published for openc3-cosmos-tool-iframe (RubyGems) Jun 13, 2025
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6... Critical Unreviewed
CVE-2024-10811 was published Jan 14, 2025
Taylored webhook validation vulnerabilities Critical
GHSA-8g98-m4j9-qww5 was published for taylored (npm) Jun 18, 2025
A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras,... Critical Unreviewed
CVE-2025-34022 was published Jun 20, 2025
Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to... Critical Unreviewed
CVE-2025-45890 was published Jun 20, 2025
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 -... Critical Unreviewed
CVE-2025-34040 was published Jun 26, 2025
MICROSENS NMP Web+ could allow an unauthenticated attacker to overwrite files and execute... Critical Unreviewed
CVE-2025-49153 was published Jun 26, 2025
Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and... Critical Unreviewed
CVE-2025-6793 was published Jul 7, 2025
Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2025-6794 was published Jul 7, 2025
The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to... Critical Unreviewed
CVE-2025-4828 was published Jul 9, 2025
qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `... Critical Unreviewed
CVE-2024-2221 was published Apr 10, 2024
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin... Critical Unreviewed
CVE-2025-7360 was published Jul 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database