Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,781
Maven
5,000+
npm
4,386
NuGet
772
pip
4,164
Pub
12
RubyGems
965
Rust
1,073
Swift
45
Unreviewed advisories
All unreviewed
5,000+

7,535 advisories

Loading
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote code execution... Critical Unreviewed
CVE-2022-50796 was published Dec 31, 2025
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure... High Unreviewed
CVE-2022-50792 was published Dec 31, 2025
PsiTransfer has Zip Slip Path Traversal via TAR Archive Download High
GHSA-xphh-5v4r-r3rx was published for psitransfer (npm) Dec 30, 2025
DenizParlak
Credited to DenizParlak
A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of... Moderate Unreviewed
CVE-2025-15245 was published Dec 30, 2025
givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php. High Unreviewed
CVE-2024-25183 was published Dec 29, 2025
Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers... Moderate Unreviewed
CVE-2025-14728 was published Dec 29, 2025
NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin... High Unreviewed
CVE-2025-67254 was published Dec 29, 2025
A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file ... Moderate Unreviewed
CVE-2025-15187 was published Dec 29, 2025
BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing... High Unreviewed
CVE-2025-15227 was published Dec 29, 2025
WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated... High Unreviewed
CVE-2025-15225 was published Dec 29, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Missing... Moderate Unreviewed
CVE-2025-15066 was published Dec 29, 2025
A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some... Moderate Unreviewed
CVE-2025-15138 was published Dec 28, 2025
Croogo CMS has a path traversal vulnerability High
CVE-2024-42718 was published for croogo/croogo (Composer) Dec 26, 2025
A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file... Moderate Unreviewed
CVE-2025-15076 was published Dec 25, 2025
LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities... High Unreviewed
CVE-2019-25258 was published Dec 24, 2025
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal... High Unreviewed
CVE-2019-25256 was published Dec 24, 2025
Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability... High Unreviewed
CVE-2019-25246 was published Dec 24, 2025
Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden... High Unreviewed
CVE-2018-25144 was published Dec 24, 2025
pdfforge PDF Architect CBZ File Parsing Directory Traversal Remote Code Execution Vulnerability.... High Unreviewed
CVE-2025-14420 was published Dec 24, 2025
Soda PDF Desktop CBZ File Parsing Directory Traversal Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2025-14413 was published Dec 24, 2025
Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation... Moderate Unreviewed
CVE-2025-13698 was published Dec 24, 2025
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2025-13699 was published Dec 24, 2025
Home Assistant Core before is vulnerable to Directory Traversal Moderate
CVE-2025-65713 was published for homeassistant (pip) Dec 23, 2025
MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass... High Unreviewed
CVE-2023-53979 was published Dec 23, 2025
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability... High Unreviewed
CVE-2023-53962 was published Dec 23, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database