Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

73 advisories

Loading
An external control of file name or path vulnerability in the delete file function of Soar Cloud... High Unreviewed
CVE-2025-48783 was published Jun 6, 2025
An external control of file name or path vulnerability in the download file function of Soar... High Unreviewed
CVE-2025-48781 was published Jun 6, 2025
Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential... High Unreviewed
CVE-2024-51553 was published May 22, 2025
File corruption vulnerabilities in ASPECT provide attackers access to overwrite sys-tem files if... High Unreviewed
CVE-2025-2409 was published May 22, 2025
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due... High Unreviewed
CVE-2025-3812 was published May 17, 2025
The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0... High Unreviewed
CVE-2024-57394 was published Apr 21, 2025
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is... High Unreviewed
CVE-2025-3419 was published May 8, 2025
Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata High
CVE-2025-46762 was published for org.apache.parquet:parquet-avro (Maven) May 6, 2025
The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon... High Unreviewed
CVE-2025-3103 was published Apr 19, 2025
When downloading files on Windows, the % character was not escaped, which could have lead to a... High Unreviewed
CVE-2022-31739 was published Dec 22, 2022
The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-3431 was published Apr 8, 2025
After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file... High Unreviewed
CVE-2025-3033 was published Apr 1, 2025
A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of... High Unreviewed
CVE-2024-20366 was published May 15, 2024
An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL ... High Unreviewed
CVE-2024-10210 was published Mar 25, 2025
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up... High Unreviewed
CVE-2022-2431 was published Sep 7, 2022
AgentScope directory traversal vulnerability in /read-examples High
CVE-2024-8524 was published for agentscope (pip) Mar 20, 2025
H2O Vulnerable to Arbitrary File Overwrite High
CVE-2024-8616 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems... High Unreviewed
CVE-2025-0452 was published Mar 20, 2025
An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2,... High Unreviewed
CVE-2024-10361 was published Mar 20, 2025
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3... High Unreviewed
CVE-2023-45588 was published Mar 14, 2025
Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under... High Unreviewed
CVE-2024-41183 was published Oct 22, 2024
Mockoon has a Path Traversal and LFI in the static file serving endpoint High
GHSA-w7f9-wqc4-3wxr was published for @mockoon/cli (npm) Mar 11, 2025
RisingZero
The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to,... High Unreviewed
CVE-2024-12036 was published Mar 7, 2025
There is a local file inclusion vulnerability in ArcGIS Server 10.9.1 thru 11.3 that may allow a... High Unreviewed
CVE-2024-51961 was published Mar 3, 2025
Pebble has Arbitrary Local File Inclusion (LFI) Vulnerability via `include` macro High
CVE-2025-1686 was published for io.pebbletemplates:pebble (Maven) Feb 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database