Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,753
Erlang
35
GitHub Actions
29
Go
2,326
Maven
5,000+
npm
3,956
NuGet
712
pip
3,740
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

190 advisories

Loading
HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter Moderate
CVE-2025-49138 was published for elmsln/haxcms (Composer) Jun 9, 2025
An external control of file name or path vulnerability in the delete file function of Soar Cloud... High Unreviewed
CVE-2025-48783 was published Jun 6, 2025
An external control of file name or path vulnerability in the download file function of Soar... High Unreviewed
CVE-2025-48781 was published Jun 6, 2025
Kea configuration and API directives can be used to overwrite arbitrary files, subject to... Moderate Unreviewed
CVE-2025-32802 was published May 28, 2025
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2025-4603 was published May 24, 2025
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File... Moderate Unreviewed
CVE-2025-4602 was published May 24, 2025
Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential... High Unreviewed
CVE-2024-51553 was published May 22, 2025
File corruption vulnerabilities in ASPECT provide attackers access to overwrite sys-tem files if... High Unreviewed
CVE-2025-2409 was published May 22, 2025
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due... High Unreviewed
CVE-2025-3812 was published May 17, 2025
Microsoft.Build.Tasks.Core .NET Spoofing Vulnerability Low
CVE-2025-26646 was published for Microsoft.Build.Tasks.Core (NuGet) May 13, 2025
udlose
External control of file name or path in Microsoft Defender for Endpoint allows an authorized... Moderate Unreviewed
CVE-2025-26684 was published May 13, 2025
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is... High Unreviewed
CVE-2025-3419 was published May 8, 2025
Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata High
CVE-2025-46762 was published for org.apache.parquet:parquet-avro (Maven) May 6, 2025
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a... Moderate Unreviewed
CVE-2025-1056 was published Apr 23, 2025
LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve... Critical Unreviewed
CVE-2025-43951 was published Apr 22, 2025
The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0... High Unreviewed
CVE-2024-57394 was published Apr 21, 2025
The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon... High Unreviewed
CVE-2025-3103 was published Apr 19, 2025
SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create... Critical Unreviewed
CVE-2025-29708 was published Apr 16, 2025
SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio"... Critical Unreviewed
CVE-2025-29709 was published Apr 16, 2025
Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows... Critical Unreviewed
CVE-2024-55371 was published Apr 16, 2025
Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows... Critical Unreviewed
CVE-2024-55372 was published Apr 16, 2025
An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables... Moderate Unreviewed
CVE-2025-0124 was published Apr 11, 2025
External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized... Moderate Unreviewed
CVE-2025-29819 was published Apr 8, 2025
The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-3431 was published Apr 8, 2025
The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to... Critical Unreviewed
CVE-2025-2004 was published Apr 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database