GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
827 advisories
BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE
Critical. CVE-2025-10283 was published for bbot (pip) on Oct 9, 2025.
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design...
Critical, Unreviewed. CVE-2025-6439 was published on Oct 11, 2025.
Deep Java Library path traversal issue
Critical. CVE-2025-0851 was published for ai.djl:api (Maven) on Jan 29, 2025.
A vulnerability in the `upload_app` function of parisneo/lollms-webui V12 (Strawberry) allows an...
Critical, Unreviewed. CVE-2024-8581 was published on Mar 20, 2025.
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
Critical. CVE-2024-5980 was published for lightning (pip) on Jun 27, 2024.
DB-GPT Absolute Path Traversal in knowledge/{space_name}/document/upload
Critical. CVE-2024-10833 was published for dbgpt (pip) on Mar 20, 2025.
DB-GPT vulnerable to Arbitrary File Upload with Path Traversal
Critical. CVE-2024-10902 was published for dbgpt (pip) on Mar 20, 2025.
InvokeAI Arbitrary File Deletion vulnerability
Critical. CVE-2024-11042 was published for InvokeAI (pip) on Mar 20, 2025.
A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read...
Critical, Unreviewed. CVE-2025-62353 was published on Oct 17, 2025.
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files...
Critical, Unreviewed. CVE-2018-14847 was published on May 14, 2022.
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an...
Critical, Unreviewed. CVE-2019-16278 was published on May 24, 2022.
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server...
Critical, Unreviewed. CVE-2021-21972 was published on May 24, 2022.
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A...
Critical, Unreviewed. CVE-2021-22005 was published on May 24, 2022.
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An...
Critical, Unreviewed. CVE-2021-42013 was published on May 24, 2022.
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can...
Critical, Unreviewed. CVE-2022-26352 was published on Jul 18, 2022.
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP...
Critical, Unreviewed. CVE-2022-37042 was published on Aug 13, 2022.
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload...
Critical, Unreviewed. CVE-2022-41352 was published on Sep 27, 2022.
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed...
Critical, Unreviewed. CVE-2019-3396 was published on May 13, 2022.
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after...
Critical, Unreviewed. CVE-2023-47246 was published on Nov 10, 2023.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical, Unreviewed. CVE-2024-32113 was published on May 8, 2024.
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution...
Critical, Unreviewed. CVE-2024-4885 was published on Jun 25, 2024.
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to...
Critical, Unreviewed. CVE-2024-8963 was published on Sep 19, 2024.
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <=...
Critical, Unreviewed. CVE-2021-20090 was published on May 24, 2022.
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. This...
Critical, Unreviewed. CVE-2022-29464 was published on Apr 20, 2022.
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12...
Critical, Unreviewed. CVE-2024-7262 was published on Aug 15, 2024.
ProTip! Advisories are also available from the GraphQL API.