Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

16 advisories

A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application,... Critical Unreviewed
CVE-2024-1600 was published Apr 10, 2024
Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704.... Moderate Unreviewed
CVE-2024-0315 was published Jan 15, 2024
The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in... High Unreviewed
CVE-2023-5099 was published Oct 31, 2023
The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution... High Unreviewed
CVE-2023-5199 was published Oct 30, 2023
The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and... High Unreviewed
CVE-2023-5250 was published Oct 30, 2023
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to,... Critical Unreviewed
CVE-2023-4488 was published Oct 20, 2023
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter Critical
CVE-2015-5467 was published for yiisoft/yii2 (Composer) Sep 21, 2023
Flarum vulnerable to LFI and Blind SSRF via Avatar upload High
CVE-2023-40033 was published for flarum/core (Composer) Aug 16, 2023
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and... Critical Unreviewed
CVE-2023-3452 was published Aug 12, 2023
Cockpit PHP Remote File Inclusion vulnerability Critical
CVE-2023-4195 was published for cockpit-hq/cockpit (Composer) Aug 6, 2023
The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request... High Unreviewed
CVE-2023-2249 was published Jun 9, 2023
PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1. High Unreviewed
CVE-2023-2551 was published May 5, 2023
PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3. Critical Unreviewed
CVE-2022-4606 was published Dec 18, 2022
PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0. Critical Unreviewed
CVE-2022-4446 was published Dec 13, 2022
Improper file handling in concrete5/core High
CVE-2021-22968 was published for concrete5/core (Composer) Nov 23, 2021
Local File read vulnerability in OctoberCMS Moderate
CVE-2020-5295 was published for october/cms (Composer) Jun 3, 2020
staz0t
ProTip! Advisories are also available from the GraphQL API