GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
195 advisories
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is...
High | Unreviewed | CVE-2025-3419 was published May 8, 2025

The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0...
High | Unreviewed | CVE-2024-57394 was published Apr 21, 2025

The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due...
High | Unreviewed | CVE-2025-3812 was published May 17, 2025

External control of file name or path in Microsoft Defender for Endpoint allows an authorized...
Moderate | Unreviewed | CVE-2025-26684 was published May 13, 2025

File corruption vulnerabilities in ASPECT provide attackers access to overwrite system files if...
High | Unreviewed | CVE-2025-2409 was published May 22, 2025

Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential...
High | Unreviewed | CVE-2024-51553 was published May 22, 2025

The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file...
Critical | Unreviewed | CVE-2025-4603 was published May 24, 2025

The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File...
Moderate | Unreviewed | CVE-2025-4602 was published May 24, 2025

Kea configuration and API directives can be used to overwrite arbitrary files, subject to...
Moderate | Unreviewed | CVE-2025-32802 was published May 28, 2025

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform...
Moderate | Unreviewed | CVE-2025-24054 was published Mar 11, 2025

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail...
Moderate | Unreviewed | CVE-2020-36772 was published Jan 22, 2024

An external control of file name or path vulnerability in the download file function of Soar...
High | Unreviewed | CVE-2025-48781 was published Jun 6, 2025

An external control of file name or path vulnerability in the delete file function of Soar Cloud...
High | Unreviewed | CVE-2025-48783 was published Jun 6, 2025

External control of file name or path in Windows Security App allows an authorized attacker to...
Moderate | Unreviewed | CVE-2025-47956 was published Jun 10, 2025

OctoPrint vulnerable to possible file extraction via upload endpoints
Moderate | CVE-2025-48067 was published for OctoPrint (pip) Jun 10, 2025

External control of file name or path in WebDAV allows an unauthorized attacker to execute code...
High | Unreviewed | CVE-2025-33053 was published Jun 10, 2025

HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter
Moderate | CVE-2025-49138 was published for elmsln/haxcms (Composer) Jun 9, 2025

External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3...
Moderate | Unreviewed | CVE-2025-36506 was published Jun 13, 2025

Microsoft.Build.Tasks.Core .NET Spoofing Vulnerability
High | CVE-2025-26646 was published for Microsoft.Build.Tasks.Core (NuGet) May 13, 2025

Salt's file contents overwrite the VirtKey class
Moderate | CVE-2025-22241 was published for salt (pip) Jun 13, 2025