GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
578 advisories
Filter by severity
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due...
Critical
Unreviewed
CVE-2024-11150
was published
Nov 13, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000...
Critical
Unreviewed
CVE-2024-39226
was published
Aug 6, 2024
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected...
Critical
Unreviewed
CVE-2024-46888
was published
Nov 12, 2024
The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is...
Critical
Unreviewed
CVE-2024-10470
was published
Nov 9, 2024
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file...
Critical
Unreviewed
CVE-2024-10625
was published
Nov 9, 2024
Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path...
Critical
Unreviewed
CVE-2024-39332
was published
Oct 31, 2024
An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows...
Critical
Unreviewed
CVE-2024-37847
was published
Oct 25, 2024
A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The...
Critical
Unreviewed
CVE-2024-5982
was published
Oct 29, 2024
Kieback & Peter's DDC4000 series is vulnerable to a path traversal vulnerability, which may allow...
Critical
Unreviewed
CVE-2024-41717
was published
Oct 23, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2024-49286
was published
Oct 20, 2024
A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the...
Critical
Unreviewed
CVE-2024-4320
was published
Jun 6, 2024
parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code...
Critical
Unreviewed
CVE-2024-2360
was published
Jun 6, 2024
A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows...
Critical
Unreviewed
CVE-2024-2362
was published
Jun 6, 2024
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File...
Critical
Unreviewed
CVE-2019-25213
was published
Oct 16, 2024
A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui...
Critical
Unreviewed
CVE-2024-2624
was published
Jun 6, 2024
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up...
Critical
Unreviewed
CVE-2024-9047
was published
Oct 12, 2024
Parameter verification vulnerability in the installd module. Successful exploitation of this...
Critical
Unreviewed
CVE-2023-39400
was published
Aug 13, 2023
Parameter verification vulnerability in the installd module. Successful exploitation of this...
Critical
Unreviewed
CVE-2023-39401
was published
Aug 13, 2023
Parameter verification vulnerability in the installd module. Successful exploitation of this...
Critical
Unreviewed
CVE-2023-39402
was published
Aug 13, 2023
Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs...
Critical
Unreviewed
CVE-2024-46446
was published
Oct 7, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2024-44014
was published
Oct 5, 2024
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for...
Critical
Unreviewed
CVE-2024-7950
was published
Sep 4, 2024
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component...
Critical
Unreviewed
CVE-2023-44171
was published
Sep 27, 2023
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component...
Critical
Unreviewed
CVE-2023-44169
was published
Sep 27, 2023
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component...
Critical
Unreviewed
CVE-2023-44170
was published
Sep 27, 2023
ProTip!
Advisories are also available from the
GraphQL API