Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,792
Erlang
36
GitHub Actions
29
Go
2,377
Maven
5,000+
npm
4,002
NuGet
720
pip
3,802
Pub
12
RubyGems
927
Rust
984
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

650 advisories

Loading
The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to... Critical Unreviewed
CVE-2025-4828 was published Jul 9, 2025
Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2025-6794 was published Jul 7, 2025
Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and... Critical Unreviewed
CVE-2025-6793 was published Jul 7, 2025
MICROSENS NMP Web+ could allow an unauthenticated attacker to overwrite files and execute... Critical Unreviewed
CVE-2025-49153 was published Jun 26, 2025
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 -... Critical Unreviewed
CVE-2025-34040 was published Jun 26, 2025
Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to... Critical Unreviewed
CVE-2025-45890 was published Jun 20, 2025
A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras,... Critical Unreviewed
CVE-2025-34022 was published Jun 20, 2025
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6... Critical Unreviewed
CVE-2024-10811 was published Jan 14, 2025
The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to... Critical Unreviewed
CVE-2025-6065 was published Jun 14, 2025
Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0... Critical Unreviewed
CVE-2025-46783 was published Jun 13, 2025
The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers... Critical Unreviewed
CVE-2023-6623 was published Jan 15, 2024
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter... Critical Unreviewed
CVE-2025-4517 was published Jun 3, 2025
Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions ... Critical Unreviewed
CVE-2024-12718 was published Jun 3, 2025
A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files... Critical Unreviewed
CVE-2023-38951 was published Aug 4, 2023
The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is... Critical Unreviewed
CVE-2025-4524 was published May 21, 2025
Improper limitation of pathname in Circuit Provisioning and File Import applications allows... Critical Unreviewed
CVE-2025-48017 was published May 20, 2025
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper... Critical Unreviewed
CVE-2025-27920 was published May 5, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2025-32926 was published May 19, 2025
The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2025-4564 was published May 15, 2025
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an... Critical Unreviewed
CVE-2025-30387 was published May 13, 2025
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9... Critical Unreviewed
CVE-2025-4632 was published May 13, 2025
A path traversal vulnerability in Commvault Command Center Innovation Release allows an... Critical Unreviewed
CVE-2025-34028 was published Apr 22, 2025
foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the... Critical Unreviewed
CVE-2025-45238 was published May 5, 2025
WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 4 of 5). Critical Unreviewed
CVE-2022-38165 was published Nov 18, 2022
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files... Critical Unreviewed
CVE-2018-14847 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database