Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,112
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

717 advisories

Loading
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress... Critical Unreviewed
CVE-2025-0493 was published Jan 31, 2025
Deep Java Library path traversal issue Critical
CVE-2025-0851 was published for ai.djl:api (Maven) Jan 29, 2025
The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions... Critical Unreviewed
CVE-2024-13545 was published Jan 24, 2025
Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed
CVE-2024-39787 was published Jan 14, 2025
Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed
CVE-2024-39786 was published Jan 14, 2025
The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite... Critical Unreviewed
CVE-2024-11642 was published Jan 9, 2025
path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability Critical
CVE-2024-56198 was published for path-sanitizer (npm) Jan 2, 2025
realArcherL
A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all... Critical Unreviewed
CVE-2021-26102 was published Dec 19, 2024
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component... Critical Unreviewed
CVE-2024-55513 was published Dec 17, 2024
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The... Critical Unreviewed
CVE-2024-55516 was published Dec 17, 2024
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component... Critical Unreviewed
CVE-2024-55515 was published Dec 17, 2024
Apache Struts file upload logic is flawed Critical
CVE-2024-53677 was published for org.apache.struts:struts2-core (Maven) Dec 11, 2024
Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could... Critical Unreviewed
CVE-2024-11992 was published Nov 29, 2024
A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may... Critical Unreviewed
CVE-2024-53676 was published Nov 27, 2024
Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability... Critical Unreviewed
CVE-2023-52333 was published Nov 22, 2024
Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This... Critical Unreviewed
CVE-2023-51639 was published Nov 22, 2024
DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the... Critical Unreviewed
CVE-2024-52771 was published Nov 20, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed
CVE-2024-11314 was published Nov 18, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed
CVE-2024-11312 was published Nov 18, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed
CVE-2024-11315 was published Nov 18, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed
CVE-2024-11313 was published Nov 18, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed
CVE-2024-11311 was published Nov 18, 2024
yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over... Critical Unreviewed
CVE-2024-50648 was published Nov 15, 2024
The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability. Critical Unreviewed
CVE-2024-50649 was published Nov 15, 2024
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due... Critical Unreviewed
CVE-2024-11150 was published Nov 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database