GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,395
Composer 4,950
Erlang 39
GitHub Actions 38
Go 2,603
Maven 6,053
npm 4,250
NuGet 755
pip 4,013
Pub 12
RubyGems 953
Rust 1,048
Swift 45

Unreviewed advisories

All unreviewed 274,976

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

235 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

External control of file name or path in Microsoft Defender for Endpoint allows an authorized... Moderate Unreviewed

CVE-2025-26684 was published May 13, 2025

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is... High Unreviewed

CVE-2025-3419 was published May 8, 2025

Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata High

CVE-2025-46762 was published for org.apache.parquet:parquet-avro (Maven) May 6, 2025

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a... Moderate Unreviewed

CVE-2025-1056 was published Apr 23, 2025

LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve... Critical Unreviewed

CVE-2025-43951 was published Apr 22, 2025

The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0... High Unreviewed

CVE-2024-57394 was published Apr 21, 2025

The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon... High Unreviewed

CVE-2025-3103 was published Apr 19, 2025

SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create... Critical Unreviewed

CVE-2025-29708 was published Apr 16, 2025

SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio"... Critical Unreviewed

CVE-2025-29709 was published Apr 16, 2025

Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows... Critical Unreviewed

CVE-2024-55372 was published Apr 16, 2025

Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows... Critical Unreviewed

CVE-2024-55371 was published Apr 16, 2025

An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables... Moderate Unreviewed

CVE-2025-0124 was published Apr 11, 2025

External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized... Moderate Unreviewed

CVE-2025-29819 was published Apr 8, 2025

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to... High Unreviewed

CVE-2025-3431 was published Apr 8, 2025

The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to... Critical Unreviewed

CVE-2025-2004 was published Apr 8, 2025

After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file... High Unreviewed

CVE-2025-3033 was published Apr 1, 2025

A vulnerability, which was classified as critical, was found in Legrand SMS PowerView 1.x.... Moderate Unreviewed

CVE-2025-2982 was published Mar 31, 2025

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress... Low Unreviewed

CVE-2025-1911 was published Mar 26, 2025

An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL ... High Unreviewed

CVE-2024-10210 was published Mar 25, 2025

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file... Low Unreviewed

CVE-2025-1972 was published Mar 22, 2025

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary... Low Unreviewed

CVE-2024-13922 was published Mar 20, 2025

eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems... High Unreviewed

CVE-2025-0452 was published Mar 20, 2025

AgentScope directory traversal vulnerability in /read-examples High

CVE-2024-8524 was published for agentscope (pip) Mar 20, 2025

H2O Vulnerable to Arbitrary File Overwrite High

CVE-2024-8616 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025

Aim External Control of File Name or Path vulnerability Critical

CVE-2024-6829 was published for aim (pip) Mar 20, 2025

Previous 1…3…10 Next

Previous 1 2 3 4 5 … 9 10 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

235 advisories