GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
112 advisories
Filter by severity
Mautic vulnerable to Path Traversal via Campaign Import
Critical
CVE-2026-9559
was published
for
mautic/core
(Composer)
Jul 2, 2026
The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to,...
Critical
Unreviewed
CVE-2026-7515
was published
Jun 19, 2026
Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for...
Critical
Unreviewed
CVE-2025-11023
was published
Oct 23, 2025
Froxlor has Local File Inclusion via path traversal in API `def_language` parameter leads to Remote Code Execution
Critical
CVE-2026-41228
was published
for
froxlor/froxlor
(Composer)
Apr 16, 2026
The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions...
Critical
Unreviewed
CVE-2026-0926
was published
Feb 19, 2026
The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion...
Critical
Unreviewed
CVE-2024-10571
was published
Nov 14, 2024
The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all...
Critical
Unreviewed
CVE-2024-3551
was published
May 17, 2024
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up...
Critical
Unreviewed
CVE-2024-2411
was published
Mar 29, 2024
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is...
Critical
Unreviewed
CVE-2023-6989
was published
Feb 6, 2024
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is...
Critical
Unreviewed
CVE-2024-4258
was published
Jun 15, 2024
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and...
Critical
Unreviewed
CVE-2024-4936
was published
Jun 14, 2024
The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in...
Critical
Unreviewed
CVE-2024-5577
was published
Jun 14, 2024
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and...
Critical
Unreviewed
CVE-2024-3806
was published
May 14, 2024
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up...
Critical
Unreviewed
CVE-2024-3136
was published
Apr 9, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2026-27065
was published
Mar 19, 2026
IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated...
Critical
Unreviewed
CVE-2026-3826
was published
Mar 11, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2026-28043
was published
Mar 5, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-68545
was published
Feb 20, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2026-22365
was published
Feb 20, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-69078
was published
Jan 22, 2026
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows...
Critical
Unreviewed
CVE-2021-47900
was published
Jan 27, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-54003
was published
Jan 22, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-47474
was published
Jan 22, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-50003
was published
Jan 22, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2026-24531
was published
Jan 23, 2026
ProTip!
Advisories are also available from the
GraphQL API