Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,752
Maven
5,000+
npm
4,357
NuGet
765
pip
4,121
Pub
12
RubyGems
961
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

7,474 advisories

Loading
A Zip Slip vulnerability in the import a Project component of iceScrum v7.54 Pro On-prem allows... High Unreviewed
CVE-2025-60786 was published Dec 15, 2025
NetSupport Manager < 14.12.0001 contains an arbitrary file write vulnerability in its... High Unreviewed
CVE-2025-34181 was published Dec 15, 2025
A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown... Moderate Unreviewed
CVE-2025-14702 was published Dec 15, 2025
A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown... Moderate Unreviewed
CVE-2025-14704 was published Dec 15, 2025
A weakness has been identified in atlaszz AI Photo Team Galleryit App 1.3.8.2 on Android. This... Moderate Unreviewed
CVE-2025-14698 was published Dec 15, 2025
A security vulnerability has been detected in Municorn FAX App 3.27.0 on Android. This... Moderate Unreviewed
CVE-2025-14699 was published Dec 15, 2025
A vulnerability has been found in Jehovahs Witnesses JW Library App up to 15.5.1 on Android.... Moderate Unreviewed
CVE-2025-14617 was published Dec 13, 2025
A parsing issue in the handling of directory paths was addressed with improved path validation.... Low Unreviewed
CVE-2025-43465 was published Dec 12, 2025
Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip High
CVE-2025-67818 was published for github.com/weaviate/weaviate (Go) Dec 12, 2025
Weaviate OSS has path traversal vulnerability via the Shard Movement API High
CVE-2025-67819 was published for github.com/weaviate/weaviate (Go) Dec 12, 2025
The Simple CSV Table plugin for WordPress is vulnerable to Directory Traversal in all versions up... Moderate Unreviewed
CVE-2025-12960 was published Dec 12, 2025
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to Path... Moderate Unreviewed
CVE-2025-13891 was published Dec 12, 2025
The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2025-14344 was published Dec 12, 2025
The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the ... Moderate Unreviewed
CVE-2025-13972 was published Dec 12, 2025
The Player Leaderboard plugin for WordPress is vulnerable to Local File Inclusion in all versions... High Unreviewed
CVE-2025-12824 was published Dec 12, 2025
APC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated... High Unreviewed
CVE-2024-58310 was published Dec 12, 2025
xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to... High Unreviewed
CVE-2024-58312 was published Dec 12, 2025
The WP Job Portal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to... Moderate Unreviewed
CVE-2025-14293 was published Dec 11, 2025
An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the... High Unreviewed
CVE-2025-66429 was published Dec 11, 2025
In JetBrains TeamCity before 2025.11 path traversal was possible via file upload Low Unreviewed
CVE-2025-67742 was published Dec 11, 2025
A security vulnerability has been detected in baowzh hfly up to... Moderate Unreviewed
CVE-2025-14521 was published Dec 11, 2025
A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c.... Moderate Unreviewed
CVE-2025-14520 was published Dec 11, 2025
Eibiz i-Media Server Digital Signage 3.8.0 contains a directory traversal vulnerability that... High Unreviewed
CVE-2020-36893 was published Dec 10, 2025
SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal... High Unreviewed
CVE-2020-36883 was published Dec 10, 2025
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in... High Unreviewed
CVE-2020-36898 was published Dec 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database