Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

245 advisories

Loading
An external control of file name or path vulnerability in SUNNET Corporate Training Management... Critical Unreviewed
CVE-2025-54945 was published Sep 25, 2025
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and... Critical Unreviewed
CVE-2024-8517 was published Sep 6, 2024
IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4... Moderate Unreviewed
CVE-2024-22341 was published Feb 22, 2025
External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion... High Unreviewed
CVE-2024-11838 was published Dec 13, 2024
An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables... Moderate Unreviewed
CVE-2025-0124 was published Apr 11, 2025
The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup... Low Unreviewed
CVE-2025-10306 was published Oct 3, 2025
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-10494 was published Oct 8, 2025
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows... High Unreviewed
CVE-2014-2375 was published May 17, 2022
External control of file name or path in Windows Core Shell allows an unauthorized attacker to... Moderate Unreviewed
CVE-2025-59244 was published Oct 14, 2025
External control of file name or path in Windows Core Shell allows an unauthorized attacker to... Moderate Unreviewed
CVE-2025-59185 was published Oct 14, 2025
Concurrent execution using shared resource with improper synchronization ('race condition') in... High Unreviewed
CVE-2025-59200 was published Oct 14, 2025
External control of file name or path in Confidential Azure Container Instances allows an... High Unreviewed
CVE-2025-59292 was published Oct 14, 2025
External control of file name or path in Confidential Azure Container Instances allows an... High Unreviewed
CVE-2025-59291 was published Oct 14, 2025
An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2,... High Unreviewed
CVE-2024-10361 was published Mar 20, 2025
A validation vulnerability exists in an undisclosed URL in the Configuration utility.  Note:... High Unreviewed
CVE-2025-59483 was published Oct 15, 2025
DB-GPT vulnerable to Arbitrary File Upload with Path Traversal Critical
CVE-2024-10902 was published for dbgpt (pip) Mar 20, 2025
InvokeAI Arbitrary File Deletion vulnerability Critical
CVE-2024-11042 was published for InvokeAI (pip) Mar 20, 2025
The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all... Moderate Unreviewed
CVE-2025-11738 was published Oct 18, 2025
NTLM Hash Disclosure Spoofing Vulnerability Moderate Unreviewed
CVE-2024-43451 was published Nov 12, 2024
An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an... High Unreviewed
CVE-2025-0111 was published Feb 12, 2025
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform... Moderate Unreviewed
CVE-2025-24054 was published Mar 11, 2025
External control of file name or path in WebDAV allows an unauthorized attacker to execute code... High Unreviewed
CVE-2025-33053 was published Jun 10, 2025
aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server High
CVE-2025-62611 was published for aiomysql (pip) Oct 22, 2025
KonstantAnxiety
Credited to KonstantAnxiety
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal.  ... Moderate Unreviewed
CVE-2025-8050 was published Oct 21, 2025
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal.... Moderate Unreviewed
CVE-2025-8048 was published Oct 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database