GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,895
Composer 4,779
Erlang 36
GitHub Actions 29
Go 2,338
Maven 5,642
npm 3,972
NuGet 714
pip 3,769
Pub 12
RubyGems 923
Rust 976
Swift 38

Unreviewed advisories

All unreviewed 259,824

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

195 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

AgentScope directory traversal vulnerability in /read-examples High

CVE-2024-8524 was published for agentscope (pip) Mar 20, 2025

DB-GPT vulnerable to Arbitrary File Upload with Path Traversal Critical

CVE-2024-10902 was published for dbgpt (pip) Mar 20, 2025

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up... High Unreviewed

CVE-2022-2431 was published Sep 7, 2022

Aim External Control of File Name or Path vulnerability Critical

CVE-2024-6829 was published for aim (pip) Mar 20, 2025

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file... Low Unreviewed

CVE-2025-1972 was published Mar 22, 2025

An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL ... High Unreviewed

CVE-2024-10210 was published Mar 25, 2025

A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of... High Unreviewed

CVE-2024-20366 was published May 15, 2024

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress... Low Unreviewed

CVE-2025-1911 was published Mar 26, 2025

Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file... Moderate Unreviewed

CVE-2024-36473 was published Jun 11, 2024

A vulnerability, which was classified as critical, was found in Legrand SMS PowerView 1.x.... Moderate Unreviewed

CVE-2025-2982 was published Mar 31, 2025

After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file... High Unreviewed

CVE-2025-3033 was published Apr 1, 2025

The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to... Critical Unreviewed

CVE-2025-2004 was published Apr 8, 2025

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to... High Unreviewed

CVE-2025-3431 was published Apr 8, 2025

External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized... Moderate Unreviewed

CVE-2025-29819 was published Apr 8, 2025

perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL. Critical Unreviewed

CVE-2022-45213 was published Jan 1, 2023

An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables... Moderate Unreviewed

CVE-2025-0124 was published Apr 11, 2025

When downloading files on Windows, the % character was not escaped, which could have lead to a... High Unreviewed

CVE-2022-31739 was published Dec 22, 2022

Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows... Critical Unreviewed

CVE-2024-55372 was published Apr 16, 2025

Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows... Critical Unreviewed

CVE-2024-55371 was published Apr 16, 2025

SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create... Critical Unreviewed

CVE-2025-29708 was published Apr 16, 2025

SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio"... Critical Unreviewed

CVE-2025-29709 was published Apr 16, 2025

The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon... High Unreviewed

CVE-2025-3103 was published Apr 19, 2025

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a... Moderate Unreviewed

CVE-2025-1056 was published Apr 23, 2025

LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve... Critical Unreviewed

CVE-2025-43951 was published Apr 22, 2025

Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata High

CVE-2025-46762 was published for org.apache.parquet:parquet-avro (Maven) May 6, 2025

Previous 1 2 3 4 5 6 7 8 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

195 advisories