Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,904
Erlang
38
GitHub Actions
38
Go
2,566
Maven
5,000+
npm
4,237
NuGet
753
pip
4,001
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,138 advisories

Loading
Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth... Moderate Unreviewed
CVE-2025-11849 was published Oct 17, 2025
PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure Moderate
CVE-2025-61923 was published for prestashop/ps_checkout (Composer) Oct 16, 2025
iNem0o
Credited to iNem0o
Smidge is vulnerable to Path Traversal Moderate
CVE-2025-11842 was published for Smidge (NuGet) Oct 16, 2025
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability ... Moderate Unreviewed
CVE-2025-53951 was published Oct 16, 2025
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and... Moderate Unreviewed
CVE-2025-37144 was published Oct 14, 2025
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and... Moderate Unreviewed
CVE-2025-37145 was published Oct 14, 2025
Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4... Moderate Unreviewed
CVE-2025-10986 was published Oct 14, 2025
SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web... Moderate Unreviewed
CVE-2025-42906 was published Oct 14, 2025
A vulnerability was determined in RainyGao DocSys up to 2.02.36. Affected by this vulnerability... Moderate Unreviewed
CVE-2025-11631 was published Oct 12, 2025
A vulnerability was found in RainyGao DocSys up to 2.02.36. Affected is the function... Moderate Unreviewed
CVE-2025-11630 was published Oct 12, 2025
A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element... Moderate Unreviewed
CVE-2025-11607 was published Oct 11, 2025
The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in... Moderate Unreviewed
CVE-2025-9950 was published Oct 11, 2025
Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an... Moderate Unreviewed
CVE-2025-35056 was published Oct 9, 2025
Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying... Moderate Unreviewed
CVE-2025-35053 was published Oct 9, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Moderate Unreviewed
CVE-2025-43934 was published Oct 7, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Moderate Unreviewed
CVE-2025-43889 was published Oct 7, 2025
A client-side path traversal vulnerability was discovered in the web management interface front... Moderate Unreviewed
CVE-2025-3718 was published Oct 7, 2025
Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W... Moderate Unreviewed
CVE-2025-60969 was published Oct 6, 2025
A vulnerability was detected in Four-Faith Water Conservancy Informatization Platform up to 2.2.... Moderate Unreviewed
CVE-2025-11337 was published Oct 6, 2025
A security vulnerability has been detected in Four-Faith Water Conservancy Informatization... Moderate Unreviewed
CVE-2025-11336 was published Oct 6, 2025
A remote, unauthorized attacker can brute force folders and files and read them like private keys... Moderate Unreviewed
CVE-2025-58591 was published Oct 6, 2025
It's possible to brute force folders and files, what can be used by an attacker to steal sensitve... Moderate Unreviewed
CVE-2025-58590 was published Oct 6, 2025
clearml is vulnerable to Path Traversal through its `safe_extract` function Moderate
CVE-2025-8917 was published for clearml (pip) Oct 5, 2025
ZenML is vulnerable to Path Traversal through its `PathMaterializer` class Moderate
CVE-2025-8406 was published for zenml (pip) Oct 5, 2025
A path traversal vulnerability has been reported to affect several QNAP operating system versions... Moderate Unreviewed
CVE-2025-47211 was published Oct 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database