GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
112 advisories
Filter by severity
Mautic vulnerable to Path Traversal via Campaign Import
Critical
CVE-2026-9559
was published
for
mautic/core
(Composer)
Jul 2, 2026
The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to,...
Critical
Unreviewed
CVE-2026-7515
was published
Jun 19, 2026
Froxlor has Local File Inclusion via path traversal in API `def_language` parameter leads to Remote Code Execution
Critical
CVE-2026-41228
was published
for
froxlor/froxlor
(Composer)
Apr 16, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2026-27065
was published
Mar 19, 2026
IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated...
Critical
Unreviewed
CVE-2026-3826
was published
Mar 11, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2026-28043
was published
Mar 5, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2026-22365
was published
Feb 20, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-68545
was published
Feb 20, 2026
The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions...
Critical
Unreviewed
CVE-2026-0926
was published
Feb 19, 2026
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows...
Critical
Unreviewed
CVE-2021-47900
was published
Jan 27, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2026-24531
was published
Jan 23, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2026-23975
was published
Jan 22, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2026-23978
was published
Jan 22, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-69078
was published
Jan 22, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-63017
was published
Jan 22, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-47474
was published
Jan 22, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-50003
was published
Jan 22, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-54003
was published
Jan 22, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-49994
was published
Jan 22, 2026
The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in...
Critical
Unreviewed
CVE-2025-14502
was published
Jan 14, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-22707
was published
Jan 8, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-22708
was published
Jan 8, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-67920
was published
Jan 8, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-22509
was published
Jan 8, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2025-14359
was published
Jan 8, 2026
ProTip!
Advisories are also available from the
GraphQL API