GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 43
Go: 3,181
Maven: 5,000+
npm: 5,000+
NuGet: 863
pip: 4,474
Pub: 12
RubyGems: 991
Rust: 1,185
Swift: 51

Unreviewed advisories
All unreviewed: 5,000+
300 advisories
External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an...
Severity: Moderate | Unreviewed | CVE-2025-67461 was published Dec 10, 2025

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6...
Severity: Critical | Unreviewed | CVE-2025-65473 was published Dec 11, 2025

The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions...
Severity: Moderate | Unreviewed | CVE-2025-13320 was published Dec 12, 2025

@vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint
Severity: High | CVE-2025-68155 was published for @vitejs/plugin-rsc (npm) Dec 16, 2025

memos lacks file name validation or verification
Severity: Moderate | CVE-2025-65799 was published for github.com/usememos/memos (Go) Dec 8, 2025

Pebble has Arbitrary Local File Inclusion (LFI) Vulnerability via `include` macro
Severity: High | CVE-2025-1686 was published for io.pebbletemplates:pebble (Maven) Feb 28, 2025

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to...
Severity: Low | Unreviewed | CVE-2025-12654 was published Dec 21, 2025

External Control of File Name or Path in Langflow
Severity: High | CVE-2025-68478 was published for langflow (pip) Dec 19, 2025

The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all...
Severity: Moderate | Unreviewed | CVE-2025-14059 was published Jan 7, 2026

An External Control of File Name or Path vulnerability in smb4k allows local users to perform a...
Severity: High | Unreviewed | CVE-2025-66003 was published Jan 8, 2026

External control of file name or path in Windows Telephony Service allows an authorized attacker...
Severity: High | Unreviewed | CVE-2026-20931 was published Jan 13, 2026

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform...
Severity: Moderate | Unreviewed | CVE-2026-20872 was published Jan 13, 2026

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform...
Severity: Moderate | Unreviewed | CVE-2026-20925 was published Jan 13, 2026

jsPDF has Local File Inclusion/Path Traversal vulnerability
Severity: Critical | CVE-2025-68428 was published for jspdf (npm) Jan 5, 2026

An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS...
Severity: Critical | Unreviewed | CVE-2025-53912 was published Jan 20, 2026

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows...
Severity: High | Unreviewed | CVE-2021-47746 was published Jan 21, 2026

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows...
Severity: High | Unreviewed | CVE-2021-47871 was published Jan 21, 2026

An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an...
Severity: Moderate | Unreviewed | CVE-2025-0105 was published Jan 11, 2025

An external control of file name or path vulnerability in SUNNET Corporate Training Management...
Severity: Critical | Unreviewed | CVE-2025-54945 was published Sep 25, 2025

LobeHub Vulnerable to Improper Authorization in Presigned Upload
Severity: Moderate | CVE-2026-23835 was published for @lobehub/chat (npm) Feb 1, 2026

H2O has an External Control of File Name or Path vulnerability
Severity: Critical | CVE-2024-5986 was published for ai.h2o:h2o-core (Maven) Feb 2, 2026

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that...
Severity: High | Unreviewed | CVE-2020-37078 was published Feb 4, 2026

webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration...
Severity: High | Unreviewed | CVE-2020-37080 was published Feb 4, 2026

An external control of file name or path vulnerability in the delete file function of Soar Cloud...
Severity: High | Unreviewed | CVE-2025-48783 was published Jun 6, 2025

An external control of file name or path vulnerability in the download file function of Soar...
Severity: High | Unreviewed | CVE-2025-48781 was published Jun 6, 2025
ProTip! Advisories are also available from the GraphQL API.