Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,790
Erlang
36
GitHub Actions
29
Go
2,370
Maven
5,000+
npm
3,994
NuGet
720
pip
3,783
Pub
12
RubyGems
927
Rust
982
Swift
38
Unreviewed advisories
All unreviewed
5,000+

138 advisories

Loading
Microweber CMS API has authenticated local file inclusion vulnerability Moderate
CVE-2025-34076 was published for microweber/microweber (Composer) Jul 2, 2025
raspap-webgui has a Directory Traversal vulnerability High
CVE-2025-44163 was published for billz/raspap-webgui (Composer) Jun 27, 2025
HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter Moderate
CVE-2025-49138 was published for elmsln/haxcms (Composer) Jun 9, 2025
Indigo-10
ThinkAdmin directory traversal vulnerability High
CVE-2020-25540 was published for zoujingli/thinkadmin (Composer) May 24, 2022
AnonySE26
Kirby vulnerable to path traversal of snippet names in the `snippet()` helper Moderate
CVE-2025-30159 was published for getkirby/kirby (Composer) May 13, 2025
bnomei tobimori
Kirby vulnerable to path traversal in the router for PHP's built-in server Low
CVE-2025-30207 was published for getkirby/cms (Composer) May 13, 2025
Kirby vulnerable to path traversal of collection names during file system lookup Moderate
CVE-2025-31493 was published for getkirby/cms (Composer) May 13, 2025
Luracast Restler directory traversal vulnerability High
CVE-2017-15363 was published for aoe/restler (Composer) May 13, 2022
MODX Revolution Directory Traversal Vulnerability High
CVE-2017-9067 was published for modx/revolution (Composer) May 17, 2022
ThinkPHP Framework vulnerable to remote code execution Critical
CVE-2022-47945 was published for topthink/framework (Composer) Dec 23, 2022
GeSHi vulnerable to Directory Traversal High
CVE-2012-3521 was published for geshi/geshi (Composer) May 17, 2022
TYPO3 Path Traversal vulnerability Moderate
CVE-2010-5099 was published for typo3/cms (Composer) May 17, 2022
TYPO3 Directory Traversal vulnerability Moderate
CVE-2010-5101 was published for typo3/cms (Composer) May 17, 2022
phpMyAdmin Directory Traversal vulnerability High
CVE-2011-2508 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
phpMyAdmin allows remote attackers to obtain installation path via direct request for nonexistent file Moderate
CVE-2011-0986 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Yeswiki Path Traversal vulnerability allows arbitrary read of files High
CVE-2025-31131 was published for yeswiki/yeswiki (Composer) Apr 1, 2025
masquerad3r
Adobe Commerce Path Traversal High
CVE-2025-24406 was published for magento/community-edition (Composer) Feb 11, 2025
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled Moderate
CVE-2024-45291 was published for phpoffice/phpexcel (Composer) Oct 7, 2024
emilvirkki
Mautic allows Relative Path Traversal in assets file upload Moderate
CVE-2022-25773 was published for mautic/core (Composer) Feb 26, 2025
patrykgruszka majkelstick
escopecz
Magento Path Traversal vulnerability Moderate
CVE-2021-28584 was published for magento/community-edition (Composer) May 24, 2022
Magento path traversal vulnerability Moderate
CVE-2020-9689 was published for magento/community-edition (Composer) May 24, 2022
Browsershot Local File Inclusion Moderate
CVE-2025-1026 was published for spatie/browsershot (Composer) Feb 5, 2025
Browsershot Path Traversal High
CVE-2025-1022 was published for spatie/browsershot (Composer) Feb 5, 2025
DevDojo Voyager vulnerable to path traversal High
CVE-2024-55415 was published for tcg/voyager (Composer) Jan 30, 2025
Webtrees Path Traversal vulnerability Moderate
CVE-2024-22723 was published for fisharebest/webtrees (Composer) Feb 28, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database