GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,792
Erlang
36
GitHub Actions
29
Go
2,377
Maven
5,000+
npm
4,002
NuGet
720
pip
3,802
Pub
12
RubyGems
927
Rust
984
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
29 advisories
Filter by severity
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is...
Critical
Unreviewed
CVE-2025-4689
was published
Jul 2, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-47586
was published
Jun 6, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-46468
was published
May 23, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-39406
was published
May 19, 2025
A improper control of filename for include/require statement in PHP program vulnerability in the...
Critical
Unreviewed
CVE-2025-31340
was published
Apr 17, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-32577
was published
Apr 11, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-26909
was published
Mar 27, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-28916
was published
Mar 26, 2025
The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable...
Critical
Unreviewed
CVE-2024-13790
was published
Mar 19, 2025
The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and...
Critical
Unreviewed
CVE-2025-1771
was published
Mar 15, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-26916
was published
Mar 10, 2025
The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local...
Critical
Unreviewed
CVE-2024-9193
was published
Feb 28, 2025
Network access can be used to execute arbitrary code with elevated privileges.
This
issue...
Critical
Unreviewed
CVE-2024-48841
was published
Jan 27, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2024-49649
was published
Jan 7, 2025
The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is...
Critical
Unreviewed
CVE-2024-12571
was published
Dec 20, 2024
The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local...
Critical
Unreviewed
CVE-2024-12209
was published
Dec 8, 2024
The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion...
Critical
Unreviewed
CVE-2024-10571
was published
Nov 14, 2024
The Category Ajax Filter plugin for WordPress is vulnerable to Local File Inclusion in all...
Critical
Unreviewed
CVE-2024-10871
was published
Nov 9, 2024
The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly...
Critical
Unreviewed
CVE-2024-41925
was published
Oct 4, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2024-43261
was published
Aug 19, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2024-35629
was published
Jun 4, 2024
An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file...
Critical
Unreviewed
CVE-2024-33863
was published
May 14, 2024
A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application,...
Critical
Unreviewed
CVE-2024-1600
was published
Apr 10, 2024
Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows...
Critical
Unreviewed
CVE-2024-30849
was published
Apr 5, 2024
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to,...
Critical
Unreviewed
CVE-2023-4488
was published
Oct 20, 2023
ProTip!
Advisories are also available from the
GraphQL API