Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
Better Auth affected by external request basePath modification DoS Low
GHSA-569q-mpph-wgww was published for better-auth (npm) Dec 1, 2025
goksan
Credited to goksan
It was possible to upload files with a specific name to a temporary directory, which may result... Low Unreviewed
CVE-2025-8998 was published Nov 11, 2025
The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup... Low Unreviewed
CVE-2025-10306 was published Oct 3, 2025
A path traversal validation flaw exists in Keycloak’s vault key handling on Windows. The previous... Low Unreviewed
CVE-2025-10043 was published Sep 5, 2025
External control of file name or path in Windows Storage allows an authorized attacker to perform... Low Unreviewed
CVE-2025-49760 was published Jul 8, 2025
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress... Low Unreviewed
CVE-2025-1911 was published Mar 26, 2025
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file... Low Unreviewed
CVE-2025-1972 was published Mar 22, 2025
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary... Low Unreviewed
CVE-2024-13922 was published Mar 20, 2025
Duplicate Advisory: Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path Low
GHSA-6vrw-mpj8-3j59 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024 withdrawn
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file... Low Unreviewed
CVE-2024-10672 was published Nov 12, 2024
Weblate vulnerable to improper sanitization of project backups Low
CVE-2024-39303 was published for Weblate (pip) Jul 1, 2024
quehill
Credited to quehill
Upload whitelisted files to any directory in OctoberCMS Low
CVE-2020-5297 was published for october/cms (Composer) Jun 3, 2020
staz0t
Credited to staz0t
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database