Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

713 advisories

Loading
The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions... Critical Unreviewed
CVE-2024-13545 was published Jan 24, 2025
Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed
CVE-2024-39786 was published Jan 14, 2025
Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed
CVE-2024-39787 was published Jan 14, 2025
The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite... Critical Unreviewed
CVE-2024-11642 was published Jan 9, 2025
path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability Critical
CVE-2024-56198 was published for path-sanitizer (npm) Jan 2, 2025
realArcherL
A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all... Critical Unreviewed
CVE-2021-26102 was published Dec 19, 2024
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component... Critical Unreviewed
CVE-2024-55515 was published Dec 17, 2024
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The... Critical Unreviewed
CVE-2024-55516 was published Dec 17, 2024
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component... Critical Unreviewed
CVE-2024-55513 was published Dec 17, 2024
Apache Struts file upload logic is flawed Critical
CVE-2024-53677 was published for org.apache.struts:struts2-core (Maven) Dec 11, 2024
Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could... Critical Unreviewed
CVE-2024-11992 was published Nov 29, 2024
A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may... Critical Unreviewed
CVE-2024-53676 was published Nov 27, 2024
Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability... Critical Unreviewed
CVE-2023-52333 was published Nov 22, 2024
Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This... Critical Unreviewed
CVE-2023-51639 was published Nov 22, 2024
DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the... Critical Unreviewed
CVE-2024-52771 was published Nov 20, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed
CVE-2024-11312 was published Nov 18, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed
CVE-2024-11314 was published Nov 18, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed
CVE-2024-11315 was published Nov 18, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed
CVE-2024-11313 was published Nov 18, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed
CVE-2024-11311 was published Nov 18, 2024
yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over... Critical Unreviewed
CVE-2024-50648 was published Nov 15, 2024
The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability. Critical Unreviewed
CVE-2024-50649 was published Nov 15, 2024
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due... Critical Unreviewed
CVE-2024-11150 was published Nov 13, 2024
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected... Critical Unreviewed
CVE-2024-46888 was published Nov 12, 2024
The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is... Critical Unreviewed
CVE-2024-10470 was published Nov 9, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database