GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
202 advisories
A missing protection against path traversal allows to access any file on the server.
Critical, Unreviewed. CVE-2025-3365 was published Jun 6, 2025

aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path...
Moderate, Unreviewed. CVE-2025-49466 was published Jun 5, 2025

AstrBot Has Path Traversal Vulnerability in /api/chat/get_file
High. CVE-2025-48957 was published for astrbot (pip) Jun 4, 2025

Relative Path Traversal vulnerability in Themewinter Eventin allows Path Traversal. This issue...
High, Unreviewed. CVE-2025-47445 was published May 14, 2025

Kirby vulnerable to path traversal of snippet names in the `snippet()` helper
Moderate. CVE-2025-30159 was published for getkirby/kirby (Composer) May 13, 2025

Kirby vulnerable to path traversal in the router for PHP's built-in server
Low. CVE-2025-30207 was published for getkirby/cms (Composer) May 13, 2025

Kirby vulnerable to path traversal of collection names during file system lookup
Moderate. CVE-2025-31493 was published for getkirby/cms (Composer) May 13, 2025

A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and...
Moderate, Unreviewed. CVE-2025-22859 was published May 13, 2025

A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS...
High, Unreviewed. CVE-2025-24350 was published Apr 30, 2025

A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows...
Moderate, Unreviewed. CVE-2025-24343 was published Apr 30, 2025

DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.
Low, Unreviewed. CVE-2023-35816 was published Apr 28, 2025

In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was...
Moderate, Unreviewed. CVE-2025-46433 was published Apr 25, 2025

In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite...
Moderate, Unreviewed. CVE-2025-43016 was published Apr 25, 2025

Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users
High. CVE-2025-32017 was published for Umbraco.Cms (NuGet) Apr 9, 2025

Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an...
High, Unreviewed. CVE-2025-32409 was published Apr 8, 2025

Relative Path Traversal vulnerability in Cristián Lávaque s2Member allows Path Traversal. This...
Moderate, Unreviewed. CVE-2025-32137 was published Apr 4, 2025

A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0...
Critical, Unreviewed. CVE-2023-40714 was published Apr 2, 2025

The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary...
High, Unreviewed. CVE-2025-2007 was published Apr 1, 2025

Solon Vulnerable to Path Traversal
Moderate. CVE-2025-2961 was published for org.noear:solon-view (Maven) Mar 31, 2025

Apache Commons VFS Has Relative Path Traversal Vulnerability
High. CVE-2025-27553 was published for org.apache.commons:commons-vfs2 (Maven) Mar 23, 2025

An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform...
High, Unreviewed. CVE-2024-9363 was published Mar 20, 2025

AgentScope path traversal vulnerability in save-workflow
Critical. CVE-2024-8551 was published for agentscope (pip) Mar 20, 2025

A vulnerability in the sanitize_path function in parisneo/lollms-webui v10 - latest allows an...
Moderate, Unreviewed. CVE-2024-7058 was published Mar 20, 2025

A path traversal vulnerability exists in the latest version of stangirard/quivr. This...
Moderate, Unreviewed. CVE-2024-6583 was published Mar 20, 2025

Aim Relative Path Traversal vulnerability
Moderate. CVE-2024-6483 was published for aim (pip) Mar 20, 2025