Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,762
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

6,416 advisories

Loading
Local privilege escalation due to incorrect assignment of privileges of temporary files in the... High Unreviewed
CVE-2025-0542 was published Jan 25, 2025
IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0... Moderate Unreviewed
CVE-2023-38012 was published Jan 25, 2025
The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory... Moderate Unreviewed
CVE-2024-12885 was published Jan 25, 2025
The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and... Moderate Unreviewed
CVE-2024-13550 was published Jan 25, 2025
A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to... Moderate Unreviewed
CVE-2025-0703 was published Jan 24, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2025-24611 was published Jan 24, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-23422 was published Jan 24, 2025
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget... High Unreviewed
CVE-2024-13409 was published Jan 24, 2025
The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions... Critical Unreviewed
CVE-2024-13545 was published Jan 24, 2025
Arbitrary file upload, deletion and read through header manipulation Moderate Unreviewed
CVE-2024-55926 was published Jan 23, 2025
BigFix Patch Download Plug-ins are affected by path traversal vulnerability. The application... Moderate Unreviewed
CVE-2024-42187 was published Jan 23, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2025-23562 was published Jan 22, 2025
Authenticated arbitrary file deletion in YesWiki High
CVE-2025-24019 was published for yeswiki/yeswiki (Composer) Jan 21, 2025
bWlrYQ Nishacid
Input validation vulnerability in Qualifio's Wheel of Fortune. This vulnerability could allow an... Moderate Unreviewed
CVE-2025-0614 was published Jan 21, 2025
Input validation vulnerability in Qualifio's Wheel of Fortune. This vulnerability allows an... Moderate Unreviewed
CVE-2025-0615 was published Jan 21, 2025
IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the... Moderate Unreviewed
CVE-2024-45652 was published Jan 19, 2025
The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and... Moderate Unreviewed
CVE-2024-10799 was published Jan 17, 2025
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on... Moderate Unreviewed
CVE-2024-52363 was published Jan 17, 2025
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet... Moderate Unreviewed
CVE-2024-48885 was published Jan 16, 2025
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal... High Unreviewed
CVE-2024-57727 was published Jan 16, 2025
A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1,... Moderate Unreviewed
CVE-2024-54535 was published Jan 15, 2025
An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and... High Unreviewed
CVE-2024-13158 was published Jan 14, 2025
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker... High Unreviewed
CVE-2024-13180 was published Jan 14, 2025
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker... High Unreviewed
CVE-2024-13179 was published Jan 14, 2025
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker... High Unreviewed
CVE-2024-13181 was published Jan 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database