Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,367
Maven
5,000+
npm
3,986
NuGet
720
pip
3,778
Pub
12
RubyGems
926
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

407 advisories

Loading
HKUDS LightRAG allows Path Traversal via function upload_to_input_dir Moderate
CVE-2025-6773 was published for lightrag-hku (pip) Jun 27, 2025
python-a2a has a path traversal in the create_workflow function Moderate
CVE-2025-6167 was published for python-a2a (pip) Jun 17, 2025
Solon Vulnerable to Directory Traversal Moderate
CVE-2025-46096 was published for org.noear:solon-faas-luffy (Maven) Jun 13, 2025
Salt vulnerable to directory traversal attack in minion file cache creation Moderate
CVE-2025-22238 was published for salt (pip) Jun 13, 2025
Salt allows arbitrary directory creation or file deletion Moderate
CVE-2025-22240 was published for salt (pip) Jun 13, 2025
Salt's file contents overwrite the VirtKey class Moderate
CVE-2025-22241 was published for salt (pip) Jun 13, 2025
Erxes Path Traversal vulnerability Moderate
CVE-2024-57189 was published for erxes (npm) Jun 10, 2025
HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter Moderate
CVE-2025-49138 was published for elmsln/haxcms (Composer) Jun 9, 2025
Indigo-10
Kirby vulnerable to path traversal of snippet names in the `snippet()` helper Moderate
CVE-2025-30159 was published for getkirby/kirby (Composer) May 13, 2025
bnomei tobimori
Kirby vulnerable to path traversal of collection names during file system lookup Moderate
CVE-2025-31493 was published for getkirby/cms (Composer) May 13, 2025
Vite's server.fs.deny bypassed with /. for files under project root Moderate
CVE-2025-46565 was published for vite (npm) Apr 30, 2025
chienhm
io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage Moderate
CVE-2025-32950 was published for io.jmix.localfs:jmix-localfs (Maven) Apr 22, 2025
shadowsock5 AnonySE26
AWS SAM CLI Path Traversal allows file copy to local cache Moderate
CVE-2025-3048 was published for aws-sam-cli (pip) Mar 31, 2025
kevinbackhouse
AWS SAM CLI Path Traversal allows file copy to build container Moderate
CVE-2025-3047 was published for aws-sam-cli (pip) Mar 31, 2025
kevinbackhouse
go.rgst.io/stencil/v2 vulnerable to Path Traversal Moderate
GHSA-p799-q2pr-6mxj was published for go.rgst.io/stencil/v2 (Go) Mar 29, 2025
github.com/jaredallard/archives Has Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Moderate
GHSA-j95m-rcjp-q69h was published for github.com/jaredallard/archives (Go) Mar 28, 2025
ccojocar
ingress-nginx controller - auth secret file path traversal vulnerability Moderate
CVE-2025-24513 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint Moderate
CVE-2024-7034 was published for open-webui (pip) Mar 20, 2025
Gradio Path Traversal vulnerability Moderate
CVE-2024-12217 was published for gradio (pip) Mar 20, 2025
OpenShift Console Has a Path Traversal Vulnerability Moderate
CVE-2024-7631 was published for github.com/openshift/console (Go) Mar 19, 2025
Mautic allows Relative Path Traversal in assets file upload Moderate
CVE-2022-25773 was published for mautic/core (Composer) Feb 26, 2025
patrykgruszka majkelstick
escopecz
xml2rfc has file inclusion irregularities Moderate
GHSA-432c-wxpg-m4q3 was published for xml2rfc (pip) Feb 7, 2025
Browsershot Local File Inclusion Moderate
CVE-2025-1026 was published for spatie/browsershot (Composer) Feb 5, 2025
Vitest browser mode serves arbitrary files Moderate
CVE-2025-24963 was published for @vitest/browser (npm) Feb 4, 2025
sapphi-red
S3Proxy allows insecure path traversal in filesystem and filesystem-nio2 storage backends Moderate
CVE-2025-24961 was published for org.gaul:s3proxy (Maven) Feb 3, 2025
xbow-security
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database