Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,669
Erlang
34
GitHub Actions
26
Go
2,262
Maven
5,000+
npm
3,912
NuGet
705
pip
3,681
Pub
12
RubyGems
916
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

750 advisories

Loading
Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a... Critical Unreviewed
CVE-2025-26692 was published Apr 28, 2025
The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file... Critical Unreviewed
CVE-2025-3065 was published Apr 24, 2025
A path traversal vulnerability in Commvault Command Center Innovation Release allows an... Critical Unreviewed
CVE-2025-34028 was published Apr 22, 2025
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a... Critical Unreviewed
CVE-2025-29660 was published Apr 21, 2025
Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW)... Critical Unreviewed
CVE-2025-0632 was published Apr 21, 2025
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local... Critical Unreviewed
CVE-2025-2636 was published Apr 11, 2025
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web... Critical Unreviewed
CVE-2024-41792 was published Apr 8, 2025
The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2025-2941 was published Apr 7, 2025
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by... Critical Unreviewed
CVE-2025-22926 was published Apr 3, 2025
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by... Critical Unreviewed
CVE-2025-22927 was published Apr 3, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2025-30841 was published Apr 1, 2025
A path handling issue was addressed with improved validation. This issue is fixed in visionOS 2.4... Critical Unreviewed
CVE-2025-30429 was published Apr 1, 2025
The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all... Critical Unreviewed
CVE-2025-2294 was published Mar 28, 2025
An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can... Critical Unreviewed
CVE-2025-27837 was published Mar 25, 2025
AgentScope path traversal vulnerability in save-workflow Critical
CVE-2024-8551 was published for agentscope (pip) Mar 20, 2025
Aim path traversal in LockManager.release_locks Critical
CVE-2024-8769 was published for aim (pip) Mar 20, 2025
AgentScope path traversal vulnerability Critical
CVE-2024-8537 was published for agentscope (pip) Mar 20, 2025
A path traversal vulnerability exists in stitionai/devika, specifically in the project creation... Critical Unreviewed
CVE-2024-5752 was published Mar 20, 2025
InvokeAI Arbitrary File Deletion vulnerability Critical
CVE-2024-11042 was published for InvokeAI (pip) Mar 20, 2025
DB-GPT Absolute Path Traversal in knowledge/{space_name}/document/upload Critical
CVE-2024-10833 was published for dbgpt (pip) Mar 20, 2025
The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to... Critical Unreviewed
CVE-2025-2505 was published Mar 20, 2025
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2025-1661 was published Mar 11, 2025
Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account Critical
CVE-2025-27590 was published for oxidized-web (RubyGems) Mar 3, 2025
In XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible,... Critical Unreviewed
CVE-2024-38292 was published Feb 28, 2025
Mattermost allows reading arbitrary files related to importing boards Critical
CVE-2025-25279 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database