Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,358
Maven
5,000+
npm
3,979
NuGet
720
pip
3,777
Pub
12
RubyGems
924
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

60 advisories

Loading
HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter Moderate
CVE-2025-49138 was published for elmsln/haxcms (Composer) Jun 9, 2025
Indigo-10
Kirby vulnerable to path traversal of snippet names in the `snippet()` helper Moderate
CVE-2025-30159 was published for getkirby/kirby (Composer) May 13, 2025
bnomei tobimori
Kirby vulnerable to path traversal of collection names during file system lookup Moderate
CVE-2025-31493 was published for getkirby/cms (Composer) May 13, 2025
Mautic allows Relative Path Traversal in assets file upload Moderate
CVE-2022-25773 was published for mautic/core (Composer) Feb 26, 2025
patrykgruszka majkelstick
escopecz
Browsershot Local File Inclusion Moderate
CVE-2025-1026 was published for spatie/browsershot (Composer) Feb 5, 2025
Statamic CMS has a Path Traversal in Asset Upload Moderate
CVE-2024-52600 was published for statamic/cms (Composer) Nov 19, 2024
SamSchroderBSG
Moodle LFI vulnerability when restoring malformed block backups Moderate
CVE-2024-43440 was published for moodle/moodle (Composer) Nov 7, 2024
Path traversal in redaxo Moderate
CVE-2024-46212 was published for redaxo/source (Composer) Oct 16, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled Moderate
CVE-2024-45291 was published for phpoffice/phpexcel (Composer) Oct 7, 2024
emilvirkki
Cross site scripting in Concrete CMS Moderate
CVE-2024-8291 was published for concrete5/concrete5 (Composer) Sep 25, 2024
czim/file-handling vulnerable to SSRF and directory traversal Moderate
CVE-2024-47049 was published for czim/file-handling (Composer) Sep 17, 2024
Contao affected by directory traversal in the file selector widget Moderate
CVE-2024-45604 was published for contao/core-bundle (Composer) Sep 17, 2024
usdResponsibleDisclosure
Magento Open Source Path Traversal vulnerability Moderate
CVE-2024-39406 was published for magento/community-edition (Composer) Aug 14, 2024
ICEcoder Path Traversal vulnerability Moderate
CVE-2024-41373 was published for icecoder/icecoder (Composer) Jul 26, 2024
Twig Path Traversal vulnerability in the filesystem loader Moderate
GHSA-7cvr-xhm5-x998 was published for twig/twig (Composer) May 30, 2024
Webtrees Path Traversal vulnerability Moderate
CVE-2024-22723 was published for fisharebest/webtrees (Composer) Feb 28, 2024
Path disclosure in JavaScript variable Moderate
CVE-2024-26129 was published for prestashop/prestashop (Composer) Feb 21, 2024
hugo-fasone matks
YetiForceCRM Directory Traversal vulnerability Moderate
CVE-2023-49508 was published for yetiforce/yetiforce-crm (Composer) Feb 16, 2024
Path Traversal in TYPO3 File Abstraction Layer Storages Moderate
CVE-2023-30451 was published for typo3/cms-core (Composer) Feb 13, 2024
ohader bnf
Duplicate Advisory: TYPO3 Arbitrary File Read via Directory Traversal Moderate
GHSA-3gjc-mp82-fj4q was published for typo3/cms-core (Composer) Dec 25, 2023 withdrawn
Potential URI resolution path traversal in the AWS SDK for PHP Moderate
CVE-2023-51651 was published for aws/aws-sdk-php (Composer) Dec 21, 2023
arkark
baserCMS Directory Traversal vulnerability in Form submission data management Feature Moderate
CVE-2023-43648 was published for baserproject/basercms (Composer) Oct 26, 2023
PrestaShop file access through path traversal Moderate
CVE-2023-39528 was published for prestashop/prestashop (Composer) Aug 9, 2023
PrestaShop path traversal Moderate
CVE-2023-39525 was published for prestashop/prestashop (Composer) Aug 9, 2023
Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction Moderate
CVE-2023-38708 was published for pimcore/pimcore (Composer) Aug 3, 2023
TobiSW
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database