Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,831
Maven
5,000+
npm
4,462
NuGet
775
pip
4,226
Pub
12
RubyGems
972
Rust
1,093
Swift
47
Unreviewed advisories
All unreviewed
5,000+

7,600 advisories

Loading
Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal High
CVE-2026-22786 was published for github.com/flipped-aurora/gin-vue-admin (Go) Jan 13, 2026
D0ub1e-D
Credited to D0ub1e-D
In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database... High Unreviewed
CVE-2025-25652 was published Jan 13, 2026
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability... Moderate Unreviewed
CVE-2025-58693 was published Jan 13, 2026
Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the... Moderate Unreviewed
CVE-2025-9435 was published Jan 13, 2026
A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated... Moderate Unreviewed
CVE-2025-66689 was published Jan 12, 2026
MindsDB has improper sanitation of filepath that leads to information disclosure and DOS High
CVE-2025-68472 was published for MindsDB (pip) Jan 12, 2026
locus-x64
Credited to locus-x64
Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in... High Unreviewed
CVE-2025-69267 was published Jan 12, 2026
In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service... High Unreviewed
CVE-2025-66744 was published Jan 9, 2026
An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary... Moderate Unreviewed
CVE-2025-67004 was published Jan 9, 2026
Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible... Moderate Unreviewed
CVE-2025-66051 was published Jan 9, 2026
A security issue was discovered in GNU Wget2 when handling Metalink documents. The application... High Unreviewed
CVE-2025-69194 was published Jan 9, 2026
React Router has Path Traversal in File Session Storage Critical
CVE-2025-61686 was published for @react-router/node (npm) Jan 8, 2026
zaddy6
Credited to zaddy6
picklescan has Arbitrary file read using `io.FileIO` High
GHSA-9726-w42j-3qjr was published for picklescan (pip) Jan 8, 2026
shivasurya
Credited to shivasurya
The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in... Moderate Unreviewed
CVE-2019-25295 was published Jan 8, 2026
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure... High Unreviewed
CVE-2017-20212 was published Jan 8, 2026
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2026-0669 was published Jan 7, 2026
RustFS Path Traversal Vulnerability High
CVE-2025-68705 was published for rustfs (Rust) Jan 7, 2026
The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and... Moderate Unreviewed
CVE-2025-14867 was published Jan 7, 2026
The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and... High Unreviewed
CVE-2025-13801 was published Jan 7, 2026
SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows... High Unreviewed
CVE-2020-36909 was published Jan 6, 2026
MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download Moderate
CVE-2026-21851 was published for monai (pip) Jan 6, 2026
yueyueL
Credited to yueyueL
The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file... High Unreviewed
CVE-2025-14997 was published Jan 6, 2026
The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Path... Moderate Unreviewed
CVE-2026-0604 was published Jan 6, 2026
AIOHTTP vulnerable to brute-force leak of internal static file path components Low
CVE-2025-69226 was published for aiohttp (pip) Jan 5, 2026
ThomasRinsma
Credited to ThomasRinsma
Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read High
CVE-2026-21857 was published for redaxo/source (Composer) Jan 5, 2026
lukasz-rybak
Credited to lukasz-rybak
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database