Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

7,179 advisories

Loading
PNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. This allows... High Unreviewed
CVE-2025-40629 was published May 16, 2025
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been... Moderate Unreviewed
CVE-2025-4720 was published May 15, 2025
The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2025-4564 was published May 15, 2025
The File Manager Advanced Shortcode WordPress plugin for WordPress is vulnerable to Local File... High Unreviewed
CVE-2024-13914 was published May 15, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation... Moderate Unreviewed
CVE-2025-43566 was published May 13, 2025
Kirby vulnerable to path traversal of snippet names in the `snippet()` helper Moderate
CVE-2025-30159 was published for getkirby/kirby (Composer) May 13, 2025
bnomei tobimori
Kirby vulnerable to path traversal in the router for PHP's built-in server Low
CVE-2025-30207 was published for getkirby/cms (Composer) May 13, 2025
Kirby vulnerable to path traversal of collection names during file system lookup Moderate
CVE-2025-31493 was published for getkirby/cms (Composer) May 13, 2025
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an... Critical Unreviewed
CVE-2025-30387 was published May 13, 2025
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can... High Unreviewed
CVE-2024-48766 was published May 13, 2025
upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit High Unreviewed
CVE-2025-28055 was published May 13, 2025
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions).... Moderate Unreviewed
CVE-2025-40573 was published May 13, 2025
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9... Critical Unreviewed
CVE-2025-4632 was published May 13, 2025
A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits... High Unreviewed
CVE-2024-4982 was published May 12, 2025
A vulnerability was found in CTCMS Content Management System 2.1.2. It has been classified as... Moderate Unreviewed
CVE-2025-4545 was published May 11, 2025
A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. It has been... Moderate Unreviewed
CVE-2025-4530 was published May 11, 2025
A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been... Moderate Unreviewed
CVE-2025-4529 was published May 11, 2025
A vulnerability was found in vector4wang spring-boot-quick up to 20250422. It has been rated as... Moderate Unreviewed
CVE-2025-4511 was published May 10, 2025
The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for... High Unreviewed
CVE-2025-2158 was published May 10, 2025
The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin... High Unreviewed
CVE-2025-4206 was published May 9, 2025
The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to,... Moderate Unreviewed
CVE-2025-3897 was published May 9, 2025
OpenStack Ironic fails to restrict paths used for file:// image URLs Low
CVE-2025-44021 was published for ironic (pip) May 8, 2025
Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an... High Unreviewed
CVE-2024-6648 was published May 8, 2025
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can... High Unreviewed
CVE-2025-32820 was published May 7, 2025
A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly... Moderate Unreviewed
CVE-2025-20187 was published May 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database