GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 42
GitHub Actions: 43
Go: 3,153
Maven: 5,000+
npm: 5,000+
NuGet: 861
pip: 4,451
Pub: 12
RubyGems: 991
Rust: 1,179
Swift: 50

Unreviewed advisories
All unreviewed: 5,000+
39 advisories
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6...
Critical | Unreviewed | CVE-2026-30903 was published Mar 11, 2026

MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment
Critical | CVE-2026-27825 was published for mcp-atlassian (pip) Mar 10, 2026

survey-pdf Upgraded jsPDF Version Due to Security Vulnerability
Critical | CVE-2026-25630 was published for survey-pdf (npm) Feb 4, 2026

Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write
Critical | CVE-2025-64712 was published for unstructured (pip) Feb 3, 2026

H2O has an External Control of File Name or Path vulnerability
Critical | CVE-2024-5986 was published for ai.h2o:h2o-core (Maven) Feb 2, 2026

An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS...
Critical | Unreviewed | CVE-2025-53912 was published Jan 20, 2026

jsPDF has Local File Inclusion/Path Traversal vulnerability
Critical | CVE-2025-68428 was published for jspdf (npm) Jan 5, 2026

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6...
Critical | Unreviewed | CVE-2025-65473 was published Dec 11, 2025

Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni...
Critical | Unreviewed | CVE-2025-66257 was published Nov 26, 2025

An external control of file name or path vulnerability in SUNNET Corporate Training Management...
Critical | Unreviewed | CVE-2025-54945 was published Sep 25, 2025

InvokeAI has External Control of File Name or Path
Critical | CVE-2025-6237 was published for invokeai (pip) Sep 18, 2025

The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file...
Critical | Unreviewed | CVE-2025-10134 was published Sep 9, 2025

Directus allows unauthenticated file upload and file modification due to lacking input sanitization
Critical | CVE-2025-55746 was published for @directus/api (npm) Aug 20, 2025

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to...
Critical | Unreviewed | CVE-2025-5393 was published Jul 15, 2025

IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify...
Critical | Unreviewed | CVE-2025-33117 was published Jun 19, 2025

The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file...
Critical | Unreviewed | CVE-2025-4603 was published May 24, 2025

LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve...
Critical | Unreviewed | CVE-2025-43951 was published Apr 22, 2025

SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create...
Critical | Unreviewed | CVE-2025-29708 was published Apr 16, 2025

SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio"...
Critical | Unreviewed | CVE-2025-29709 was published Apr 16, 2025

Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows...
Critical | Unreviewed | CVE-2024-55372 was published Apr 16, 2025

Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows...
Critical | Unreviewed | CVE-2024-55371 was published Apr 16, 2025

The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to...
Critical | Unreviewed | CVE-2025-2004 was published Apr 8, 2025

Aim External Control of File Name or Path vulnerability
Critical | CVE-2024-6829 was published for aim (pip) Mar 20, 2025

InvokeAI Arbitrary File Deletion vulnerability
Critical | CVE-2024-11042 was published for InvokeAI (pip) Mar 20, 2025

eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that...
Critical | Unreviewed | CVE-2024-10834 was published Mar 20, 2025

ProTip! Advisories are also available from the GraphQL API.