Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

39 advisories

Loading
DB-GPT vulnerable to Arbitrary File Upload with Path Traversal Critical
CVE-2024-10902 was published for dbgpt (pip) Mar 20, 2025
External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti... Critical Unreviewed
CVE-2024-38657 was published Feb 21, 2025
External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource... Critical Unreviewed
CVE-2024-9142 was published Sep 25, 2024
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and... Critical Unreviewed
CVE-2024-8517 was published Sep 6, 2024
NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the... Critical Unreviewed
CVE-2024-0087 was published May 14, 2024
An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to... Critical Unreviewed
CVE-2024-28394 was published Mar 20, 2024
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE Critical
GHSA-97m3-52wr-xvv2 was published for phenx/php-svg-lib (Composer) Feb 22, 2024
Blaklis Credited to Blaklis, ErwanGuillon, and bsweeney ErwanGuillon ErwanGuillon
bsweeney bsweeney
A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN... Critical Unreviewed
CVE-2023-47862 was published Jan 10, 2024
External Control of File Name or Path in h2oai/h2o-3 Critical
CVE-2023-6569 was published for h2o (pip) Dec 14, 2023
The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote... Critical Unreviewed
CVE-2023-4634 was published Sep 6, 2023
A vulnerability, which was classified as problematic, has been found in sternenseemann... Critical Unreviewed
CVE-2014-125059 was published Jan 7, 2023
A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This... Critical Unreviewed
CVE-2014-125044 was published Jan 5, 2023
perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL. Critical Unreviewed
CVE-2022-45213 was published Jan 1, 2023
There are multiple API function codes that permit reading and writing data to or from files and... Critical Unreviewed
CVE-2021-38477 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database