Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17 advisories

Loading
Local File read vulnerability in OctoberCMS Moderate
CVE-2020-5295 was published for october/cms (Composer) Jun 3, 2020
staz0t Credited to staz0t
Improper file handling in concrete5/core High
CVE-2021-22968 was published for concrete5/core (Composer) Nov 23, 2021
Cockpit PHP Remote File Inclusion vulnerability Critical
CVE-2023-4195 was published for cockpit-hq/cockpit (Composer) Aug 6, 2023
Flarum vulnerable to LFI and Blind SSRF via Avatar upload High
CVE-2023-40033 was published for flarum/core (Composer) Aug 16, 2023
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter Critical
CVE-2015-5467 was published for yiisoft/yii2 (Composer) Sep 21, 2023
FUXA local file inclusion vulnerability High
CVE-2023-31718 was published for fuxa-server (npm) Sep 22, 2023
FUXA vulnerable to Local File Inclusion High
CVE-2023-31716 was published for @frangoteam/fuxa (npm) Sep 22, 2023
Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale Moderate
CVE-2025-22145 was published for nesbot/carbon (Composer) Jan 8, 2025
Dolibarr has Remote Code Execution Vulnerability (Bypass) High
GHSA-49xw-hw94-fmv2 was published for dolibarr/dolibarr (Composer) Jul 21, 2025
wh0amitz Credited to wh0amitz
LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE High
CVE-2025-54138 was published for librenms/librenms (Composer) Jul 21, 2025
skraft9 Credited to skraft9
PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal Moderate
CVE-2025-64714 was published for privatebin/privatebin (Composer) Nov 14, 2025
esnard Credited to esnard, elrido, and rugk elrido elrido
rugk rugk
AVideo has an Unauthenticated Local File Inclusion in API locale (RCE possible with writable PHP) High
CVE-2026-33513 was published for wwbn/avideo (Composer) Mar 20, 2026
Ahmad-jarwan Credited to Ahmad-jarwan
Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php Moderate
CVE-2026-34036 was published for dolibarr/dolibarr (Composer) Mar 27, 2026
cnf409 Credited to cnf409
Froxlor has Local File Inclusion via path traversal in API `def_language` parameter leads to Remote Code Execution Critical
CVE-2026-41228 was published for froxlor/froxlor (Composer) Apr 16, 2026
offset Credited to offset
Yii 2: Local file inclusion via view parameter name collision High
CVE-2026-39850 was published for yiisoft/yii2 (Composer) May 11, 2026
khuroohamid Credited to khuroohamid
Kirby CMS has pre-authentication path traversal and PHP file inclusion during user lookup High
CVE-2026-44177 was published for getkirby/cms (Composer) May 26, 2026
offset Credited to offset
Mautic vulnerable to Path Traversal via Campaign Import Critical
CVE-2026-9559 was published for mautic/core (Composer) Jul 2, 2026
nglong05 Credited to nglong05, f3nrir77, escopecz, patrykgruszka, and LeuchtfeuerDigitalMarketing f3nrir77 f3nrir77
escopecz escopecz patrykgruszka patrykgruszka LeuchtfeuerDigitalMarketing LeuchtfeuerDigitalMarketing
ProTip! Advisories are also available from the GraphQL API