Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,056
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

30 advisories

Loading
An external control of file name or path vulnerability in SUNNET Corporate Training Management... Critical Unreviewed
CVE-2025-54945 was published Sep 25, 2025
InvokeAI has External Control of File Name or Path Critical
CVE-2025-6237 was published for invokeai (pip) Sep 18, 2025
cai0duque
Credited to cai0duque
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2025-10134 was published Sep 9, 2025
Directus allows unauthenticated file upload and file modification due to lacking input sanitization Critical
CVE-2025-55746 was published for @directus/api (npm) Aug 20, 2025
r4bbit-r4
Credited to r4bbit-r4
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to... Critical Unreviewed
CVE-2025-5393 was published Jul 15, 2025
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify... Critical Unreviewed
CVE-2025-33117 was published Jun 19, 2025
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2025-4603 was published May 24, 2025
LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve... Critical Unreviewed
CVE-2025-43951 was published Apr 22, 2025
SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio"... Critical Unreviewed
CVE-2025-29709 was published Apr 16, 2025
SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create... Critical Unreviewed
CVE-2025-29708 was published Apr 16, 2025
Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows... Critical Unreviewed
CVE-2024-55371 was published Apr 16, 2025
Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows... Critical Unreviewed
CVE-2024-55372 was published Apr 16, 2025
The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to... Critical Unreviewed
CVE-2025-2004 was published Apr 8, 2025
Aim External Control of File Name or Path vulnerability Critical
CVE-2024-6829 was published for aim (pip) Mar 20, 2025
InvokeAI Arbitrary File Deletion vulnerability Critical
CVE-2024-11042 was published for InvokeAI (pip) Mar 20, 2025
DB-GPT vulnerable to Arbitrary File Upload with Path Traversal Critical
CVE-2024-10902 was published for dbgpt (pip) Mar 20, 2025
eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that... Critical Unreviewed
CVE-2024-10834 was published Mar 20, 2025
External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti... Critical Unreviewed
CVE-2024-38657 was published Feb 21, 2025
External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource... Critical Unreviewed
CVE-2024-9142 was published Sep 25, 2024
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and... Critical Unreviewed
CVE-2024-8517 was published Sep 6, 2024
NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the... Critical Unreviewed
CVE-2024-0087 was published May 14, 2024
An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to... Critical Unreviewed
CVE-2024-28394 was published Mar 20, 2024
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE Critical
GHSA-97m3-52wr-xvv2 was published for phenx/php-svg-lib (Composer) Feb 22, 2024
Blaklis ErwanGuillon
bsweeney
Credited to Blaklis, ErwanGuillon, and bsweeney
A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN... Critical Unreviewed
CVE-2023-47862 was published Jan 10, 2024
External Control of File Name or Path in h2oai/h2o-3 Critical
CVE-2023-6569 was published for h2o (pip) Dec 14, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database