GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,979
Composer 4,785
Erlang 36
GitHub Actions 29
Go 2,358
Maven 5,673
npm 3,979
NuGet 720
pip 3,777
Pub 12
RubyGems 924
Rust 981
Swift 38

Unreviewed advisories

All unreviewed 260,752

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

26 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a... Critical Unreviewed

CVE-2025-52207 was published Jun 27, 2025

A missing protection against path traversal allows to access any file on the server. Critical Unreviewed

CVE-2025-3365 was published Jun 6, 2025

An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on... Critical Unreviewed

CVE-2021-22650 was published Jul 29, 2022

Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows... Critical Unreviewed

CVE-2023-0339 was published Feb 28, 2023

Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows... Critical Unreviewed

CVE-2023-0511 was published Feb 28, 2023

A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0... Critical Unreviewed

CVE-2023-40714 was published Apr 2, 2025

When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and... Critical Unreviewed

CVE-2025-23410 was published Mar 5, 2025

Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter... Critical Unreviewed

CVE-2025-20059 was published Feb 20, 2025

An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a... Critical Unreviewed

CVE-2021-40870 was published May 24, 2022

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5... Critical Unreviewed

CVE-2023-34990 was published Dec 18, 2024

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed

CVE-2024-11311 was published Nov 18, 2024

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed

CVE-2024-11312 was published Nov 18, 2024

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed

CVE-2024-11313 was published Nov 18, 2024

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed

CVE-2024-11314 was published Nov 18, 2024

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed

CVE-2024-11315 was published Nov 18, 2024

Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write... Critical Unreviewed

CVE-2023-3941 was published May 21, 2024

mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation... Critical Unreviewed

CVE-2024-3025 was published Apr 10, 2024

The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path... Critical Unreviewed

CVE-2020-7376 was published May 24, 2022

A user who is privileged already `manager` or `admin` can set their profile picture via the... Critical Unreviewed

CVE-2024-0550 was published Feb 28, 2024

Relative Path Traversal vulnerability in YugaByte, Inc. Yugabyte Managed ... Critical Unreviewed

CVE-2023-0745 was published Feb 9, 2023

A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1. It has... Critical Unreviewed

CVE-2023-1112 was published Mar 1, 2023

Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered... Critical Unreviewed

CVE-2022-28814 was published Sep 29, 2022

A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows... Critical Unreviewed

CVE-2020-25172 was published May 24, 2022

The affected product is vulnerable to directory traversal, which may allow an attacker to access... Critical Unreviewed

CVE-2022-2139 was published Jul 23, 2022

OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative... Critical Unreviewed

CVE-2022-2120 was published Jun 25, 2022

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

26 advisories