Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,556
Maven
5,000+
npm
4,226
NuGet
747
pip
4,000
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

7,260 advisories

Loading
Argo Workflow has a Zipslip Vulnerability High
CVE-2025-62156 was published for github.com/argoproj/argo-workflows/v3 (Go) Oct 14, 2025
im-soohyun
Credited to im-soohyun
Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4... Moderate Unreviewed
CVE-2025-10986 was published Oct 14, 2025
SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web... Moderate Unreviewed
CVE-2025-42906 was published Oct 14, 2025
Path traversal in Ivanti Endpoint Manager allows a remote unauthenticated attacker to achieve... High Unreviewed
CVE-2025-9713 was published Oct 13, 2025
A vulnerability was determined in RainyGao DocSys up to 2.02.36. Affected by this vulnerability... Moderate Unreviewed
CVE-2025-11631 was published Oct 12, 2025
A vulnerability was found in RainyGao DocSys up to 2.02.36. Affected is the function... Moderate Unreviewed
CVE-2025-11630 was published Oct 12, 2025
A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element... Moderate Unreviewed
CVE-2025-11607 was published Oct 11, 2025
The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in... Moderate Unreviewed
CVE-2025-9950 was published Oct 11, 2025
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design... Critical Unreviewed
CVE-2025-6439 was published Oct 11, 2025
Flowise is vulnerable to arbitrary file exposure through its ReadFileTool High
GHSA-j44m-5v8f-gc9c was published for flowise (npm) Oct 10, 2025
XlabAITeam
Credited to XlabAITeam
cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations High
CVE-2025-11569 was published for cross-zip (npm) Oct 10, 2025
BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE Critical
CVE-2025-10283 was published for bbot (pip) Oct 9, 2025
justinsteven
Credited to justinsteven
BBOT's various issues in unarchive.py can cause arbitrary file write and RCE Critical
CVE-2025-10284 was published for bbot (pip) Oct 9, 2025
justinsteven liquidsec
TheTechromancer
Credited to justinsteven, liquidsec, and TheTechromancer
Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an... Moderate Unreviewed
CVE-2025-35056 was published Oct 9, 2025
Newforma Info Exchange (NIX) '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated... High Unreviewed
CVE-2025-35055 was published Oct 9, 2025
Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying... Moderate Unreviewed
CVE-2025-35053 was published Oct 9, 2025
D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability... High Unreviewed
CVE-2025-34248 was published Oct 9, 2025
Insufficient escaping in the report scheduler within Checkmk <2.4.0p13, <2.3.0p38, <2.2.0p46 and... High Unreviewed
CVE-2025-39664 was published Oct 9, 2025
Flowise is vulnerable to arbitrary file write through its WriteFileTool Critical
CVE-2025-61913 was published for flowise (npm) Oct 9, 2025
XlabAITeam
Credited to XlabAITeam
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is... Critical Unreviewed
CVE-2025-7526 was published Oct 9, 2025
LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities High
CVE-2025-61784 was published for llamafactory (pip) Oct 7, 2025
d3do-23 kexinoh
lonelyuan
Credited to d3do-23, kexinoh, and lonelyuan
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Moderate Unreviewed
CVE-2025-43934 was published Oct 7, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Moderate Unreviewed
CVE-2025-43889 was published Oct 7, 2025
A client-side path traversal vulnerability was discovered in the web management interface front... Moderate Unreviewed
CVE-2025-3718 was published Oct 7, 2025
A path traversal vulnerability was discovered in the Time Machine functionality due to missing... High Unreviewed
CVE-2025-40889 was published Oct 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database