Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,744
Maven
5,000+
npm
4,341
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

7,451 advisories

Loading
PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method. High Unreviewed
CVE-2025-65838 was published Dec 1, 2025
A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted... Moderate Unreviewed
CVE-2025-13816 was published Dec 1, 2025
A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of... Moderate Unreviewed
CVE-2025-13810 was published Dec 1, 2025
A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common... Moderate Unreviewed
CVE-2025-13791 was published Nov 30, 2025
Duplicate Advisory: Keras keras.utils.get_file API is vulnerable to a path traversal attack High
CVE-2025-12638 was published for Keras (pip) Nov 28, 2025 withdrawn
Improper input sanitization in the file archives upload functionality of Eaton Galileo software... High Unreviewed
CVE-2025-59890 was published Nov 27, 2025
Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S... High Unreviewed
CVE-2025-66251 was published Nov 26, 2025
Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S... Critical Unreviewed
CVE-2025-66262 was published Nov 26, 2025
UnForm Server versions < 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion... High Unreviewed
CVE-2025-34350 was published Nov 25, 2025
An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by... Critical Unreviewed
CVE-2025-59366 was published Nov 25, 2025
A path traversal vulnerability has been identified in certain router models. A remote,... Moderate Unreviewed
CVE-2025-59372 was published Nov 25, 2025
A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated... High Unreviewed
CVE-2025-12003 was published Nov 25, 2025
A Directory Traversal vulnerability was found in the Application Server of Desktop Alert... Critical Unreviewed
CVE-2025-54347 was published Nov 25, 2025
LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction Critical
GHSA-rj4j-2jph-gg43 was published for github.com/lf-edge/ekuiper/v2 (Go) Nov 24, 2025
odaysec ptrgits
Credited to odaysec and ptrgits
An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute... High Unreviewed
CVE-2025-60915 was published Nov 24, 2025
Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names.... Moderate Unreviewed
CVE-2025-12972 was published Nov 24, 2025
A parsing issue in the handling of directory paths was addressed with improved path validation.... Moderate Unreviewed
CVE-2025-31248 was published Nov 22, 2025
BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly... Critical Unreviewed
CVE-2025-34320 was published Nov 20, 2025
Resty has a Path Traversal vulnerability Low
CVE-2025-13435 was published for cn.dreampie:resty (Maven) Nov 20, 2025
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2025-11001 was published Nov 20, 2025
Milos Paripovic OneCommander 3.102.0.0 is vulnerable to Directory Traversal. The vulnerability... High Unreviewed
CVE-2025-63371 was published Nov 19, 2025
esm.sh CDN service has arbitrary file write via tarslip High
CVE-2025-65025 was published for github.com/esm-dev/esm.sh (Go) Nov 19, 2025
pyozzi-toss
Credited to pyozzi-toss
Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values Moderate
CVE-2025-64765 was published for astro (npm) Nov 19, 2025
Sudistark
Credited to Sudistark
Astro Development Server has Arbitrary Local File Read Low
CVE-2025-64757 was published for astro (npm) Nov 19, 2025
monizb Princesseuh
delucis ematipico
Credited to monizb, Princesseuh, delucis, and ematipico
A low privileged remote attacker can upload a new or overwrite an existing python script by using... High Unreviewed
CVE-2025-41736 was published Nov 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database