Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

112 advisories

Loading
An issue was discovered in Commvault before 11.36.60. A security vulnerability has been... High Unreviewed
CVE-2025-57790 was published Aug 20, 2025
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers... High Unreviewed
CVE-2025-9258 was published Aug 22, 2025
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers... High Unreviewed
CVE-2025-9257 was published Aug 22, 2025
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers... High Unreviewed
CVE-2025-9259 was published Aug 22, 2025
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers... High Unreviewed
CVE-2025-9256 was published Aug 22, 2025
The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient... High Unreviewed
CVE-2025-9518 was published Sep 4, 2025
The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to,... Moderate Unreviewed
CVE-2025-9516 was published Sep 4, 2025
The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient... High Unreviewed
CVE-2025-8575 was published Sep 12, 2025
Uptime Kuma Server-side Template Injection (SSTI) in Notification Templates Allows Arbitrary File Read Moderate
GHSA-vffh-c9pq-4crh was published for uptime-kuma (npm) Oct 20, 2025
TriangleSnake Credited to TriangleSnake
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due... High Unreviewed
CVE-2025-7846 was published Oct 31, 2025
TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability... High Unreviewed
CVE-2025-13283 was published Nov 17, 2025
TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Delete vulnerability. The... High Unreviewed
CVE-2025-13282 was published Nov 17, 2025
IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to... High Unreviewed
CVE-2025-36357 was published Nov 17, 2025
Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability,... Moderate Unreviewed
CVE-2025-14253 was published Dec 8, 2025
Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does... Critical Unreviewed
CVE-2025-34392 was published Dec 10, 2025
MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827 Moderate
CVE-2025-67898 was published for mjml (npm) Dec 15, 2025
Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an... Moderate Unreviewed
CVE-2025-14848 was published Dec 18, 2025
BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing... High Unreviewed
CVE-2025-15227 was published Dec 29, 2025
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal... Moderate Unreviewed
CVE-2025-15237 was published Jan 5, 2026
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal... Moderate Unreviewed
CVE-2025-15236 was published Jan 5, 2026
MindsDB has improper sanitation of filepath that leads to information disclosure and DOS High
CVE-2025-68472 was published for MindsDB (pip) Jan 12, 2026
locus-x64 Credited to locus-x64
Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with... Moderate Unreviewed
CVE-2026-20834 was published Jan 13, 2026
Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability,... High Unreviewed
CVE-2026-1018 was published Jan 16, 2026
Police Statistics Database System developed by Gotac has a Absolute Path Traversal vulnerability,... Moderate Unreviewed
CVE-2026-1020 was published Jan 16, 2026
MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing... High Unreviewed
CVE-2026-1330 was published Jan 22, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database