Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,850
Maven
5,000+
npm
4,485
NuGet
779
pip
4,238
Pub
12
RubyGems
975
Rust
1,093
Swift
48
Unreviewed advisories
All unreviewed
5,000+

274 advisories

Loading
Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing... High Unreviewed
CVE-2026-1022 was published Jan 16, 2026
MindsDB has improper sanitation of filepath that leads to information disclosure and DOS High
CVE-2025-68472 was published for MindsDB (pip) Jan 12, 2026
locus-x64
Credited to locus-x64
@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading... High Unreviewed
CVE-2025-67366 was published Jan 7, 2026
PsiTransfer has Zip Slip Path Traversal via TAR Archive Download High
GHSA-xphh-5v4r-r3rx was published for psitransfer (npm) Dec 30, 2025
DenizParlak
Credited to DenizParlak
WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated... High Unreviewed
CVE-2025-15225 was published Dec 29, 2025
Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged... Moderate Unreviewed
CVE-2025-66737 was published Dec 26, 2025
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is... High Unreviewed
CVE-2025-57403 was published Dec 26, 2025
Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing... High Unreviewed
CVE-2025-15015 was published Dec 22, 2025
Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute... High Unreviewed
CVE-2025-62552 was published Dec 9, 2025
RCE via ZipSlip and symbolic links in argoproj/argo-workflows High
CVE-2025-66626 was published for github.com/argoproj/argo-workflows (Go) Dec 9, 2025
cristianstaicu meenakshisl
Credited to cristianstaicu and meenakshisl
In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from... Moderate Unreviewed
CVE-2016-20023 was published Dec 5, 2025
There is a relative path traversal vulnerability in the NI System Web Server that may result in... High Unreviewed
CVE-2025-12097 was published Dec 4, 2025
app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site... Moderate Unreviewed
CVE-2025-66386 was published Nov 28, 2025
WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated... High Unreviewed
CVE-2025-13771 was published Nov 28, 2025
In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to... Critical Unreviewed
CVE-2024-47856 was published Nov 25, 2025
LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction Critical
GHSA-rj4j-2jph-gg43 was published for github.com/lf-edge/ekuiper/v2 (Go) Nov 24, 2025
odaysec ptrgits
Credited to odaysec and ptrgits
A Path Traversal vulnerability has been identified in the Email Security appliance allows an... Moderate Unreviewed
CVE-2025-40605 was published Nov 20, 2025
Astro Development Server has Arbitrary Local File Read Low
CVE-2025-64757 was published for astro (npm) Nov 19, 2025
monizb Princesseuh
delucis ematipico
Credited to monizb, Princesseuh, delucis, and ematipico
A vulnerability was found in code-projects Email Logging Interface 2.0. Affected is an unknown... Moderate Unreviewed
CVE-2025-13199 was published Nov 15, 2025
PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal Moderate
CVE-2025-64714 was published for privatebin/privatebin (Composer) Nov 14, 2025
esnard elrido
rugk
Credited to esnard, elrido, and rugk
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0... Critical Unreviewed
CVE-2025-64446 was published Nov 14, 2025
IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability,... High Unreviewed
CVE-2025-13161 was published Nov 14, 2025
A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker... High Unreviewed
CVE-2025-58464 was published Nov 7, 2025
A relative path traversal vulnerability has been reported to affect Download Station. If a remote... Low Unreviewed
CVE-2025-58463 was published Nov 7, 2025
Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00... Moderate Unreviewed
CVE-2025-46363 was published Oct 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database