GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,023 advisories
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can...
High | Unreviewed | CVE-2025-32820 was published May 7, 2025

A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard...
High | Unreviewed | CVE-2024-20348 was published Apr 3, 2024

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote...
High | Unreviewed | CVE-2024-25000 was published Apr 19, 2024

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote...
High | Unreviewed | CVE-2024-24999 was published Apr 19, 2024

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote...
High | Unreviewed | CVE-2024-23535 was published Apr 19, 2024

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote...
High | Unreviewed | CVE-2024-24997 was published Apr 19, 2024

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote...
High | Unreviewed | CVE-2024-24994 was published Apr 19, 2024

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote...
High | Unreviewed | CVE-2024-27977 was published Apr 19, 2024

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote...
High | Unreviewed | CVE-2024-27976 was published Apr 19, 2024

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote...
High | Unreviewed | CVE-2024-27984 was published Apr 19, 2024

The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to...
High | Unreviewed | CVE-2022-42977 was published Nov 15, 2022

Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory...
High | Unreviewed | CVE-2022-43264 was published Nov 16, 2022

Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the...
High | Unreviewed | CVE-2025-2817 was published Apr 29, 2025

A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a...
High | Unreviewed | CVE-2022-44653 was published Dec 12, 2022

Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a...
High | Unreviewed | CVE-2025-27937 was published Apr 28, 2025

Traefik has a possible vulnerability with the path matchers
High | CVE-2025-32431 was published for github.com/traefik/traefik (Go) Apr 21, 2025

The Mayosis Core plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to,...
High | Unreviewed | CVE-2025-1565 was published Apr 25, 2025

An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.
High | Unreviewed | CVE-2023-39810 was published Aug 28, 2023

The WPMasterToolKit (WPMTK) – All in one plugin plugin for WordPress is vulnerable to Directory...
High | Unreviewed | CVE-2025-3300 was published Apr 24, 2025

Luracast Restler directory traversal vulnerability
High | CVE-2017-15363 was published for aoe/restler (Composer) May 13, 2022

MODX Revolution Directory Traversal Vulnerability
High | CVE-2017-9067 was published for modx/revolution (Composer) May 17, 2022

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote...
High | Unreviewed | CVE-2022-46256 was published Dec 14, 2022

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper...
High | Unreviewed | CVE-2025-23250 was published Apr 22, 2025

The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an...
High | Unreviewed | CVE-2017-16929 was published May 17, 2022

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute'...
High | Unreviewed | CVE-2017-5261 was published May 13, 2022

ProTip! Advisories are also available from the GraphQL API.