Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,259
NuGet
760
pip
4,052
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

237 advisories

Loading
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is... Moderate Unreviewed
CVE-2025-12137 was published Nov 1, 2025
Nagios XI versions prior to 5.7.3 contain a privilege escalation vulnerability in the getprofile... High Unreviewed
CVE-2020-36868 was published Oct 31, 2025
aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server High
CVE-2025-62611 was published for aiomysql (pip) Oct 22, 2025
KonstantAnxiety
Credited to KonstantAnxiety
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal.  ... Moderate Unreviewed
CVE-2025-8050 was published Oct 21, 2025
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal.... Moderate Unreviewed
CVE-2025-8048 was published Oct 20, 2025
The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all... Moderate Unreviewed
CVE-2025-11738 was published Oct 18, 2025
A validation vulnerability exists in an undisclosed URL in the Configuration utility.  Note:... High Unreviewed
CVE-2025-59483 was published Oct 15, 2025
External control of file name or path in Confidential Azure Container Instances allows an... High Unreviewed
CVE-2025-59291 was published Oct 14, 2025
External control of file name or path in Confidential Azure Container Instances allows an... High Unreviewed
CVE-2025-59292 was published Oct 14, 2025
External control of file name or path in Windows Core Shell allows an unauthorized attacker to... Moderate Unreviewed
CVE-2025-59244 was published Oct 14, 2025
Concurrent execution using shared resource with improper synchronization ('race condition') in... High Unreviewed
CVE-2025-59200 was published Oct 14, 2025
External control of file name or path in Windows Core Shell allows an unauthorized attacker to... Moderate Unreviewed
CVE-2025-59185 was published Oct 14, 2025
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-10494 was published Oct 8, 2025
The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup... Low Unreviewed
CVE-2025-10306 was published Oct 3, 2025
An external control of file name or path vulnerability in SUNNET Corporate Training Management... Critical Unreviewed
CVE-2025-54945 was published Sep 25, 2025
InvokeAI has External Control of File Name or Path Critical
CVE-2025-6237 was published for invokeai (pip) Sep 18, 2025
cai0duque
Credited to cai0duque
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-10058 was published Sep 17, 2025
The Propovoice: All-in-One Client Management System plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-8422 was published Sep 11, 2025
External control of file name or path in Azure Arc allows an authorized attacker to elevate... High Unreviewed
CVE-2025-55316 was published Sep 9, 2025
A security flaw has been discovered in Campcodes Recruitment Management System 1.0. This impacts... Moderate Unreviewed
CVE-2025-9920 was published Sep 9, 2025
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2025-10134 was published Sep 9, 2025
A path traversal validation flaw exists in Keycloak’s vault key handling on Windows. The previous... Low Unreviewed
CVE-2025-10043 was published Sep 5, 2025
Harness Allows Arbitrary File Write in Gitness LFS server High
CVE-2025-58158 was published for github.com/harness/gitness (Go) Aug 29, 2025
TheKavorka
Credited to TheKavorka
A weakness has been identified in Campcodes Payroll Management System 1.0. The affected element... Moderate Unreviewed
CVE-2025-9529 was published Aug 27, 2025
The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to... High Unreviewed
CVE-2025-9048 was published Aug 23, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database