Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

237 advisories

Loading
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due... High Unreviewed
CVE-2025-3812 was published May 17, 2025
Microsoft.Build.Tasks.Core .NET Spoofing Vulnerability High
CVE-2025-26646 was published for Microsoft.Build.Tasks.Core (NuGet) May 13, 2025
udlose
Credited to udlose
External control of file name or path in Microsoft Defender for Endpoint allows an authorized... Moderate Unreviewed
CVE-2025-26684 was published May 13, 2025
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is... High Unreviewed
CVE-2025-3419 was published May 8, 2025
Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata High
CVE-2025-46762 was published for org.apache.parquet:parquet-avro (Maven) May 6, 2025
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a... Moderate Unreviewed
CVE-2025-1056 was published Apr 23, 2025
LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve... Critical Unreviewed
CVE-2025-43951 was published Apr 22, 2025
The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0... High Unreviewed
CVE-2024-57394 was published Apr 21, 2025
The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon... High Unreviewed
CVE-2025-3103 was published Apr 19, 2025
SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio"... Critical Unreviewed
CVE-2025-29709 was published Apr 16, 2025
SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create... Critical Unreviewed
CVE-2025-29708 was published Apr 16, 2025
Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows... Critical Unreviewed
CVE-2024-55371 was published Apr 16, 2025
Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows... Critical Unreviewed
CVE-2024-55372 was published Apr 16, 2025
An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables... Moderate Unreviewed
CVE-2025-0124 was published Apr 11, 2025
External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized... Moderate Unreviewed
CVE-2025-29819 was published Apr 8, 2025
The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-3431 was published Apr 8, 2025
The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to... Critical Unreviewed
CVE-2025-2004 was published Apr 8, 2025
After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file... High Unreviewed
CVE-2025-3033 was published Apr 1, 2025
A vulnerability, which was classified as critical, was found in Legrand SMS PowerView 1.x.... Moderate Unreviewed
CVE-2025-2982 was published Mar 31, 2025
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress... Low Unreviewed
CVE-2025-1911 was published Mar 26, 2025
An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL ... High Unreviewed
CVE-2024-10210 was published Mar 25, 2025
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file... Low Unreviewed
CVE-2025-1972 was published Mar 22, 2025
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary... Low Unreviewed
CVE-2024-13922 was published Mar 20, 2025
eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems... High Unreviewed
CVE-2025-0452 was published Mar 20, 2025
AgentScope directory traversal vulnerability in /read-examples High
CVE-2024-8524 was published for agentscope (pip) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database