GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,963
Erlang: 39
GitHub Actions: 38
Go: 2,615
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,034
Pub: 12
RubyGems: 953
Rust: 1,049
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

36 advisories
                    
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due...
High | Unreviewed | CVE-2025-7846 was published Oct 31, 2025

The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient...
High | Unreviewed | CVE-2025-8575 was published Sep 12, 2025

The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient...
High | Unreviewed | CVE-2025-9518 was published Sep 4, 2025

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers...
High | Unreviewed | CVE-2025-9256 was published Aug 22, 2025

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers...
High | Unreviewed | CVE-2025-9257 was published Aug 22, 2025

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers...
High | Unreviewed | CVE-2025-9259 was published Aug 22, 2025

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers...
High | Unreviewed | CVE-2025-9258 was published Aug 22, 2025

An issue was discovered in Commvault before 11.36.60. A security vulnerability has been...
High | Unreviewed | CVE-2025-57790 was published Aug 20, 2025

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability,...
High | Unreviewed | CVE-2025-8912 was published Aug 13, 2025

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability,...
High | Unreviewed | CVE-2025-8909 was published Aug 13, 2025

The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file...
High | Unreviewed | CVE-2025-8213 was published Jul 31, 2025

The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all...
High | Unreviewed | CVE-2025-6381 was published Jun 28, 2025

The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to...
High | Unreviewed | CVE-2025-5927 was published Jun 26, 2025

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack...
High | Unreviewed | CVE-2025-4799 was published Jun 11, 2025

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal...
High | Unreviewed | CVE-2025-36574 was published Jun 10, 2025

Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if...
High | Unreviewed | CVE-2024-13945 was published May 23, 2025

Port manipulation vulnerabilities in ASPECT provide attackers with the ability to control TCP/IP...
High | Unreviewed | CVE-2025-2410 was published May 22, 2025

Absolute File Traversal vulnerabilities in ASPECT allows access and modification of unintended...
High | Unreviewed | CVE-2024-48850 was published May 22, 2025

NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files...
High | Unreviewed | CVE-2024-48248 was published Mar 4, 2025

The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application...
High | Unreviewed | CVE-2024-12646 was published Dec 16, 2024

The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up...
High | Unreviewed | CVE-2024-12644 was published Dec 16, 2024

The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application...
High | Unreviewed | CVE-2024-12643 was published Dec 16, 2024

DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote...
High | Unreviewed | CVE-2024-11978 was published Nov 29, 2024

Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 possess a file that can be read...
High | Unreviewed | CVE-2024-8497 was published Sep 25, 2024

An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers...
High | Unreviewed | CVE-2024-28806 was published Jul 29, 2024
        
ProTip! Advisories are also available from the GraphQL API.