Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

303 advisories

Loading
@vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint High
CVE-2025-68155 was published for @vitejs/plugin-rsc (npm) Dec 16, 2025
yueyueL Credited to yueyueL
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions... Moderate Unreviewed
CVE-2025-13320 was published Dec 12, 2025
An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6... Critical Unreviewed
CVE-2025-65473 was published Dec 11, 2025
External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an... Moderate Unreviewed
CVE-2025-67461 was published Dec 10, 2025
Missing authentication for critical function in Windows Storage VSP Driver allows an authorized... High Unreviewed
CVE-2025-59516 was published Dec 9, 2025
ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability... High Unreviewed
CVE-2020-36878 was published Dec 5, 2025
Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB Electronica... High Unreviewed
CVE-2025-66254 was published Nov 26, 2025
Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni... Critical Unreviewed
CVE-2025-66257 was published Nov 26, 2025
The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to... High Unreviewed
CVE-2025-12529 was published Dec 2, 2025
Better Auth affected by external request basePath modification DoS Low
GHSA-569q-mpph-wgww was published for better-auth (npm) Dec 1, 2025
goksan Credited to goksan
OpenStack's Mistral Client has a local file inclusion vulnerability Moderate
CVE-2021-4472 was published for python-mistralclient (pip) Nov 26, 2025
The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-13380 was published Nov 25, 2025
The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to... High Unreviewed
CVE-2025-13322 was published Nov 21, 2025
The 简数采集器 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and... Moderate Unreviewed
CVE-2025-11973 was published Nov 21, 2025
PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal Moderate
CVE-2025-64714 was published for privatebin/privatebin (Composer) Nov 14, 2025
esnard Credited to esnard, elrido, and rugk elrido elrido
rugk rugk
External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow... Moderate Unreviewed
CVE-2025-64738 was published Nov 13, 2025
External control of file name or path in certain Zoom Clients may allow an unauthenticated user... Moderate Unreviewed
CVE-2025-64739 was published Nov 13, 2025
TEC-IT TBarCode version 11.15 contains a vulnerability in the TBarCode11.ocx ActiveX/OCX control... Moderate Unreviewed
CVE-2022-4983 was published Nov 13, 2025
External control of file name or path in Windows WLAN Service allows an authorized attacker to... High Unreviewed
CVE-2025-59511 was published Nov 11, 2025
External control of file name or path for some Intel(R) CIP software before version WIN_DCA_2.4.0... Moderate Unreviewed
CVE-2025-20614 was published Nov 11, 2025
It was possible to upload files with a specific name to a temporary directory, which may result... Low Unreviewed
CVE-2025-8998 was published Nov 11, 2025
The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-11451 was published Nov 11, 2025
A vulnerability was found in 70mai X200 up to 20251019. This issue affects some unknown... High Unreviewed
CVE-2025-12915 was published Nov 9, 2025
Nagios XI versions prior to 5.7.3 contain a privilege escalation vulnerability in the getprofile... High Unreviewed
CVE-2020-36868 was published Oct 31, 2025
The go command may execute unexpected commands when operating in untrusted VCS repositories. This... High Unreviewed
CVE-2025-4674 was published Jul 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database