Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,827
Maven
5,000+
npm
4,455
NuGet
775
pip
4,219
Pub
12
RubyGems
970
Rust
1,090
Swift
47
Unreviewed advisories
All unreviewed
5,000+

7,590 advisories

Loading
GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion,... High Unreviewed
CVE-2021-47795 was published Jan 16, 2026
Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing... High Unreviewed
CVE-2025-67076 was published Jan 15, 2026
Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated... High Unreviewed
CVE-2021-47755 was published Jan 15, 2026
DPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interface High
CVE-2025-66292 was published for github.com/donknap/dpanel (Go) Jan 15, 2026
pyroxenites
Credited to pyroxenites
Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers... Moderate Unreviewed
CVE-2025-67083 was published Jan 15, 2026
A local user can trigger Harmony SASE Windows client to write or delete files outside the... High Unreviewed
CVE-2025-9142 was published Jan 14, 2026
The Gotham Block Extra Light plugin for WordPress is vulnerable to Arbitrary File Read in all... Moderate Unreviewed
CVE-2025-15020 was published Jan 14, 2026
The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in... Critical Unreviewed
CVE-2025-14502 was published Jan 14, 2026
The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in... Critical Unreviewed
CVE-2025-14301 was published Jan 14, 2026
e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated... High Unreviewed
CVE-2022-50939 was published Jan 14, 2026
Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows... High Unreviewed
CVE-2022-50932 was published Jan 14, 2026
Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server... High Unreviewed
CVE-2022-50890 was published Jan 14, 2026
YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated... High Unreviewed
CVE-2021-47749 was published Jan 14, 2026
CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal... Moderate Unreviewed
CVE-2021-47751 was published Jan 14, 2026
GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE High
CVE-2026-22871 was published for guarddog (pip) Jan 13, 2026
dwBruijn
Credited to dwBruijn
jaraco.context Has a Path Traversal Vulnerability High
GHSA-58pv-8j8x-9vj2 was published for jaraco.context (pip) Jan 13, 2026
tsigouris007
Credited to tsigouris007
Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal High
CVE-2026-22786 was published for github.com/flipped-aurora/gin-vue-admin (Go) Jan 13, 2026
D0ub1e-D
Credited to D0ub1e-D
In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database... High Unreviewed
CVE-2025-25652 was published Jan 13, 2026
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability... Moderate Unreviewed
CVE-2025-58693 was published Jan 13, 2026
Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the... Moderate Unreviewed
CVE-2025-9435 was published Jan 13, 2026
A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated... Moderate Unreviewed
CVE-2025-66689 was published Jan 12, 2026
MindsDB has improper sanitation of filepath that leads to information disclosure and DOS High
CVE-2025-68472 was published for MindsDB (pip) Jan 12, 2026
locus-x64
Credited to locus-x64
Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in... High Unreviewed
CVE-2025-69267 was published Jan 12, 2026
An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary... Moderate Unreviewed
CVE-2025-67004 was published Jan 9, 2026
In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service... High Unreviewed
CVE-2025-66744 was published Jan 9, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database