GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,181 advisories
A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common...
Moderate | Unreviewed | CVE-2025-13791 was published on Nov 30, 2025

Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names....
Moderate | Unreviewed | CVE-2025-12972 was published on Nov 24, 2025

lsFusion Platform has a Path Traversal vulnerability
Moderate | CVE-2025-13262 was published for lsfusion.platform:web-client (Maven) on Nov 17, 2025

lsFusion Platform has a Path Traversal vulnerability
Moderate | CVE-2025-13261 was published for lsfusion.platform:web-client (Maven) on Nov 17, 2025

Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values
Moderate | CVE-2025-64765 was published for astro (npm) on Nov 19, 2025

Craft CMS Potential Remote Code Execution via Twig SSTI
Moderate | CVE-2025-57811 was published for craftcms/cms (Composer) on Aug 25, 2025

lsFusion Server is vulnerable to Path Traversal through its unpackFile function
Moderate | CVE-2025-13265 was published for lsfusion.platform:server (Maven) on Nov 17, 2025

A path traversal vulnerability has been identified in certain router models. A remote,...
Moderate | Unreviewed | CVE-2025-59372 was published on Nov 25, 2025

A parsing issue in the handling of directory paths was addressed with improved path validation....
Moderate | Unreviewed | CVE-2025-31248 was published on Nov 22, 2025

Mattermost Server is vulnerable to Directory Traversal by System Admins
Moderate | CVE-2017-18874 was published for github.com/mattermost/mattermost-server (Go) on May 24, 2022

PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal...
Moderate | Unreviewed | CVE-2025-63918 was published on Nov 17, 2025

astral-tokio-tar has a path traversal in tar extraction
Moderate | CVE-2025-59825 was published for astral-tokio-tar (Rust) on Sep 23, 2025

KubeVirt Arbitrary Container File Read
Moderate | CVE-2025-64433 was published for kubevirt.io/kubevirt (Go) on Nov 6, 2025

vlife-base has Path Traversal vulnerability
Moderate | CVE-2025-13266 was published for io.github.wwwlike:vlife-base (Maven) on Nov 17, 2025

Kgateway transformation policy template can emit files from the container
Moderate | GHSA-5pmx-7r6r-wfqq was published for github.com/kgateway-dev/kgateway/v2 (Go) on Nov 4, 2025

A vulnerability was identified in shsuishang ShopSuite ModulithShop up to...
Moderate | Unreviewed | CVE-2025-13246 was published on Nov 16, 2025

AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64
Moderate | CVE-2025-57697 was published for AstrBot (pip) on Nov 7, 2025

Liferay Portal ComboServlet denial of service via large file combination
Moderate | CVE-2025-62254 was published for com.liferay.portal:com.liferay.portal.impl (Maven) on Oct 24, 2025

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker...
Moderate | Unreviewed | CVE-2025-57712 was published on Nov 7, 2025

A security vulnerability has been detected in SimStudioAI sim up to...
Moderate | Unreviewed | CVE-2025-9801 was published on Nov 14, 2025

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Moderate | Unreviewed | CVE-2025-60217 was published on Oct 22, 2025

The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to arbitrary file...
Moderate | Unreviewed | CVE-2025-12089 was published on Nov 13, 2025

Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio...
Moderate | Unreviewed | CVE-2025-62449 was published on Nov 11, 2025

Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for...
Moderate | Unreviewed | CVE-2025-60722 was published on Nov 11, 2025

Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an...
Moderate | Unreviewed | CVE-2025-42894 was published on Nov 11, 2025
ProTip! Advisories are also available from the GraphQL API.