Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

30 advisories

Loading
Uptime Kuma Server-side Template Injection (SSTI) in Notification Templates Allows Arbitrary File Read Moderate
GHSA-vffh-c9pq-4crh was published for uptime-kuma (npm) Oct 20, 2025
TriangleSnake
Credited to TriangleSnake
The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to,... Moderate Unreviewed
CVE-2025-9516 was published Sep 4, 2025
Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker ... Moderate Unreviewed
CVE-2025-53079 was published Jul 29, 2025
The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-8009 was published Jul 25, 2025
Jenkins HTML Publisher Plugin vulnerability displays controller file system information in its logs Moderate
CVE-2025-53651 was published for org.jenkins-ci.plugins:htmlpublisher (Maven) Jul 9, 2025
In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading... Moderate Unreviewed
CVE-2025-53392 was published Jun 29, 2025
A local file inclusion vulnerability was identified in automatic1111/stable-diffusion-webui,... Moderate Unreviewed
CVE-2024-12375 was published Mar 20, 2025
parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing... Moderate Unreviewed
CVE-2024-10047 was published Mar 20, 2025
Abacus ERP is versions older than 2024.210.16036, 2023.205.15833, 2022.105.15542 are affected by... Moderate Unreviewed
CVE-2025-0001 was published Feb 17, 2025
In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure... Moderate Unreviewed
CVE-2024-6097 was published Feb 12, 2025
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive. Moderate Unreviewed
CVE-2024-57966 was published Feb 3, 2025
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in... Moderate Unreviewed
CVE-2024-10651 was published Nov 1, 2024
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center ... Moderate Unreviewed
CVE-2024-20379 was published Oct 23, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled Moderate
CVE-2024-45291 was published for phpoffice/phpexcel (Composer) Oct 7, 2024
emilvirkki
Credited to emilvirkki
OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality,... Moderate Unreviewed
CVE-2024-8778 was published Sep 16, 2024
Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the... Moderate Unreviewed
CVE-2024-7323 was published Aug 2, 2024
An improper absolute path traversal vulnerability was reported for the Ready For application... Moderate Unreviewed
CVE-2023-41830 was published May 3, 2024
An attacker could potentially exploit this vulnerability, leading to files being read from the... Moderate Unreviewed
CVE-2023-5390 was published Jan 31, 2024
Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue... Moderate Unreviewed
CVE-2023-30970 was published Jan 29, 2024
Ansible symlink attack vulnerability Moderate
CVE-2023-5115 was published for ansible (pip) Dec 28, 2023
A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by... Moderate Unreviewed
CVE-2023-5022 was published Sep 17, 2023
A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood... Moderate Unreviewed
CVE-2023-4172 was published Aug 6, 2023
Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated... Moderate Unreviewed
CVE-2023-34135 was published Jul 13, 2023
A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This... Moderate Unreviewed
CVE-2023-2765 was published May 17, 2023
A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up... Moderate Unreviewed
CVE-2023-2101 was published Apr 15, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database