Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

104 advisories

Loading
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is... Moderate Unreviewed
CVE-2025-12137 was published Nov 1, 2025
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal.  ... Moderate Unreviewed
CVE-2025-8050 was published Oct 21, 2025
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal.... Moderate Unreviewed
CVE-2025-8048 was published Oct 20, 2025
The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all... Moderate Unreviewed
CVE-2025-11738 was published Oct 18, 2025
External control of file name or path in Windows Core Shell allows an unauthorized attacker to... Moderate Unreviewed
CVE-2025-59244 was published Oct 14, 2025
External control of file name or path in Windows Core Shell allows an unauthorized attacker to... Moderate Unreviewed
CVE-2025-59185 was published Oct 14, 2025
A security flaw has been discovered in Campcodes Recruitment Management System 1.0. This impacts... Moderate Unreviewed
CVE-2025-9920 was published Sep 9, 2025
A weakness has been identified in Campcodes Payroll Management System 1.0. The affected element... Moderate Unreviewed
CVE-2025-9529 was published Aug 27, 2025
Dpanel has an arbitrary file read vulnerability Moderate
CVE-2025-53363 was published for github.com/donknap/dpanel (Go) Aug 22, 2025
LTLTLXEY
Credited to LTLTLXEY
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network... Moderate Unreviewed
CVE-2025-20269 was published Aug 20, 2025
External control of file name or path in Windows Security App allows an authorized attacker to... Moderate Unreviewed
CVE-2025-53769 was published Aug 12, 2025
External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3... Moderate Unreviewed
CVE-2025-36506 was published Jun 13, 2025
Salt's file contents overwrite the VirtKey class Moderate
CVE-2025-22241 was published for salt (pip) Jun 13, 2025
OctoPrint vulnerable to possible file extraction via upload endpoints Moderate
CVE-2025-48067 was published for OctoPrint (pip) Jun 10, 2025
jacopotediosi
Credited to jacopotediosi
External control of file name or path in Windows Security App allows an authorized attacker to... Moderate Unreviewed
CVE-2025-47956 was published Jun 10, 2025
HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter Moderate
CVE-2025-49138 was published for elmsln/haxcms (Composer) Jun 9, 2025
Indigo-10
Credited to Indigo-10
Kea configuration and API directives can be used to overwrite arbitrary files, subject to... Moderate Unreviewed
CVE-2025-32802 was published May 28, 2025
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File... Moderate Unreviewed
CVE-2025-4602 was published May 24, 2025
External control of file name or path in Microsoft Defender for Endpoint allows an authorized... Moderate Unreviewed
CVE-2025-26684 was published May 13, 2025
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a... Moderate Unreviewed
CVE-2025-1056 was published Apr 23, 2025
An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables... Moderate Unreviewed
CVE-2025-0124 was published Apr 11, 2025
External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized... Moderate Unreviewed
CVE-2025-29819 was published Apr 8, 2025
A vulnerability, which was classified as critical, was found in Legrand SMS PowerView 1.x.... Moderate Unreviewed
CVE-2025-2982 was published Mar 31, 2025
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform... Moderate Unreviewed
CVE-2025-24996 was published Mar 11, 2025
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform... Moderate Unreviewed
CVE-2025-24054 was published Mar 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database