GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,895
Composer 4,779
Erlang 36
GitHub Actions 29
Go 2,338
Maven 5,642
npm 3,972
NuGet 714
pip 3,769
Pub 12
RubyGems 923
Rust 976
Swift 38

Unreviewed advisories

All unreviewed 259,812

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

195 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The account file upload functionality in Syspass 3.2.x fails to properly handle special... Moderate Unreviewed

CVE-2025-25478 was published Mar 1, 2025

Pebble has Arbitrary Local File Inclusion (LFI) Vulnerability via `include` macro High

CVE-2025-1686 was published for io.pebbletemplates:pebble (Maven) Feb 28, 2025

HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the... High Unreviewed

CVE-2025-25761 was published Feb 27, 2025

External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti... Critical Unreviewed

CVE-2024-38657 was published Feb 21, 2025

An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web... Moderate Unreviewed

CVE-2025-0109 was published Feb 12, 2025

An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an... High Unreviewed

CVE-2025-0111 was published Feb 12, 2025

NTLM Hash Disclosure Spoofing Vulnerability Moderate Unreviewed

CVE-2025-21377 was published Feb 11, 2025

External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti... Moderate Unreviewed

CVE-2024-12058 was published Feb 11, 2025

Multiple Western Telematic (WTI) products contain a web interface that is vulnerable to a local... Moderate Unreviewed

CVE-2025-0630 was published Feb 4, 2025

The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2024-12267 was published Jan 31, 2025

The W2S – Migrate WooCommerce to Shopify plugin for WordPress is vulnerable to Arbitrary File... Moderate Unreviewed

CVE-2024-12861 was published Jan 30, 2025

An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an... Moderate Unreviewed

CVE-2025-0105 was published Jan 11, 2025

A vulnerability was found in Campcodes School Faculty Scheduling System 1.0 and classified as... Moderate Unreviewed

CVE-2025-0211 was published Jan 4, 2025

A vulnerability was found in TCS BaNCS 10. It has been classified as problematic. This affects an... Moderate Unreviewed

CVE-2025-0202 was published Jan 4, 2025

The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress... Moderate Unreviewed

CVE-2024-12875 was published Dec 21, 2024

The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to... High Unreviewed

CVE-2024-12066 was published Dec 21, 2024

External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows... High Unreviewed

CVE-2024-4230 was published Dec 19, 2024

External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion... High Unreviewed

CVE-2024-11838 was published Dec 13, 2024

A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and... Moderate Unreviewed

CVE-2024-12357 was published Dec 9, 2024

Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path Moderate

CVE-2024-10492 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024

Duplicate Advisory: Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path Low

GHSA-6vrw-mpj8-3j59 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024 • withdrawn

NTLM Hash Disclosure Spoofing Vulnerability Moderate Unreviewed

CVE-2024-43451 was published Nov 12, 2024

The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file... Low Unreviewed

CVE-2024-10672 was published Nov 12, 2024

The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all... Moderate Unreviewed

CVE-2023-5816 was published Oct 30, 2024

A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This... Moderate Unreviewed

CVE-2024-5823 was published Oct 29, 2024

Previous 1 2 3 4 5 6 7 8 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

195 advisories