Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,810
Erlang
36
GitHub Actions
31
Go
2,395
Maven
5,000+
npm
4,030
NuGet
721
pip
3,820
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,175 advisories

Loading
files-bucket-server vulnerable to Directory Traversal High
CVE-2025-8021 was published for files-bucket-server (npm) Jul 23, 2025
Dagster Local File Inclusion vulnerability Moderate
CVE-2025-51481 was published for dagster (pip) Jul 22, 2025
`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write High
CVE-2025-54140 was published for pyload-ng (pip) Jul 21, 2025
odaysec
Apache Jena allows users with administrator access to create databases files outside the files area of the Fuseki server Moderate
CVE-2025-49656 was published for org.apache.jena:jena-fuseki (Maven) Jul 21, 2025
Mattermost Path Traversal vulnerability Moderate
CVE-2025-6233 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
DSpace is vulnerable to Path Traversal attacks when importing packages using Simple Archive Format Moderate
CVE-2025-53622 was published for org.dspace:dspace-api (Maven) Jul 15, 2025
MMilosz kshepherd
Measured is vulnerable to Path Traversal attacks during class initialization Moderate
GHSA-29g5-m8v7-v564 was published for measured (RubyGems) Jul 15, 2025
calysteon
Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive High
CVE-2025-53632 was published for github.com/ctfer-io/chall-manager (Go) Jul 10, 2025
Dagster vulnerable to Path Traversal attack through its /logs endpoint Moderate
CVE-2023-51232 was published for dagster (pip) Jul 7, 2025
LlamaIndex vulnerability in its ObsidianReader class can lead to Path Traversal exploit Moderate
CVE-2025-6210 was published for llama-index-readers-obsidian (pip) Jul 7, 2025
LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class High
CVE-2025-3046 was published for llama-index-readers-obsidian (pip) Jul 7, 2025
Microweber CMS API has authenticated local file inclusion vulnerability Moderate
CVE-2025-34076 was published for microweber/microweber (Composer) Jul 2, 2025
@modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix High
CVE-2025-53110 was published for @modelcontextprotocol/server-filesystem (npm) Jul 1, 2025
HKUDS LightRAG allows Path Traversal via function upload_to_input_dir Moderate
CVE-2025-6773 was published for lightrag-hku (pip) Jun 27, 2025
raspap-webgui has a Directory Traversal vulnerability High
CVE-2025-44163 was published for billz/raspap-webgui (Composer) Jun 27, 2025
Upsonic is vulnerable to Path Traversal attack through its os.path.join function Low
CVE-2025-6278 was published for upsonic (pip) Jun 19, 2025
DotVVM allows path traversal when deployed in Debug mode High
GHSA-6q65-j4jw-9cg8 was published for DotVVM (NuGet) Jun 19, 2025
Taylored webhook validation vulnerabilities Critical
GHSA-8g98-m4j9-qww5 was published for taylored (npm) Jun 18, 2025
python-a2a has a path traversal in the create_workflow function Moderate
CVE-2025-6167 was published for python-a2a (pip) Jun 17, 2025
Liferay Portal path traversal vulnerability with the downloading and installation of Xuggler High
CVE-2025-3594 was published for com.liferay:com.liferay.server.admin.web (Maven) Jun 16, 2025
Solon Vulnerable to Directory Traversal Moderate
CVE-2025-46096 was published for org.noear:solon-faas-luffy (Maven) Jun 13, 2025
OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint High
CVE-2025-28382 was published for openc3-cosmos-tool-iframe (RubyGems) Jun 13, 2025
OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint Critical
CVE-2025-28384 was published for openc3-cosmos-tool-iframe (RubyGems) Jun 13, 2025
Salt vulnerable to directory traversal attack in file receiving method Critical
CVE-2024-38824 was published for salt (pip) Jun 13, 2025
Salt vulnerable to directory traversal attack in minion file cache creation Moderate
CVE-2025-22238 was published for salt (pip) Jun 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database