Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
36
GitHub Actions
29
Go
2,336
Maven
5,000+
npm
3,970
NuGet
713
pip
3,767
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

195 advisories

Loading
External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3... Moderate Unreviewed
CVE-2025-36506 was published Jun 13, 2025
Salt's file contents overwrite the VirtKey class Moderate
CVE-2025-22241 was published for salt (pip) Jun 13, 2025
OctoPrint vulnerable to possible file extraction via upload endpoints Moderate
CVE-2025-48067 was published for OctoPrint (pip) Jun 10, 2025
jacopotediosi
External control of file name or path in Windows Security App allows an authorized attacker to... Moderate Unreviewed
CVE-2025-47956 was published Jun 10, 2025
External control of file name or path in WebDAV allows an unauthorized attacker to execute code... High Unreviewed
CVE-2025-33053 was published Jun 10, 2025
HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter Moderate
CVE-2025-49138 was published for elmsln/haxcms (Composer) Jun 9, 2025
Indigo-10
An external control of file name or path vulnerability in the download file function of Soar... High Unreviewed
CVE-2025-48781 was published Jun 6, 2025
An external control of file name or path vulnerability in the delete file function of Soar Cloud... High Unreviewed
CVE-2025-48783 was published Jun 6, 2025
Kea configuration and API directives can be used to overwrite arbitrary files, subject to... Moderate Unreviewed
CVE-2025-32802 was published May 28, 2025
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2025-4603 was published May 24, 2025
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File... Moderate Unreviewed
CVE-2025-4602 was published May 24, 2025
Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential... High Unreviewed
CVE-2024-51553 was published May 22, 2025
File corruption vulnerabilities in ASPECT provide attackers access to overwrite sys-tem files if... High Unreviewed
CVE-2025-2409 was published May 22, 2025
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due... High Unreviewed
CVE-2025-3812 was published May 17, 2025
Microsoft.Build.Tasks.Core .NET Spoofing Vulnerability High
CVE-2025-26646 was published for Microsoft.Build.Tasks.Core (NuGet) May 13, 2025
udlose
External control of file name or path in Microsoft Defender for Endpoint allows an authorized... Moderate Unreviewed
CVE-2025-26684 was published May 13, 2025
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is... High Unreviewed
CVE-2025-3419 was published May 8, 2025
Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata High
CVE-2025-46762 was published for org.apache.parquet:parquet-avro (Maven) May 6, 2025
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a... Moderate Unreviewed
CVE-2025-1056 was published Apr 23, 2025
LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve... Critical Unreviewed
CVE-2025-43951 was published Apr 22, 2025
The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0... High Unreviewed
CVE-2024-57394 was published Apr 21, 2025
The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon... High Unreviewed
CVE-2025-3103 was published Apr 19, 2025
SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create... Critical Unreviewed
CVE-2025-29708 was published Apr 16, 2025
SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio"... Critical Unreviewed
CVE-2025-29709 was published Apr 16, 2025
Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows... Critical Unreviewed
CVE-2024-55372 was published Apr 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database