GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Mautic vulnerable to Path Traversal via Campaign Import
Critical
CVE-2026-9559
was published
for
mautic/core
(Composer)
Jul 2, 2026
Kirby CMS has pre-authentication path traversal and PHP file inclusion during user lookup
High
CVE-2026-44177
was published
for
getkirby/cms
(Composer)
May 26, 2026
Yii 2: Local file inclusion via view parameter name collision
High
CVE-2026-39850
was published
for
yiisoft/yii2
(Composer)
May 11, 2026
Froxlor has Local File Inclusion via path traversal in API `def_language` parameter leads to Remote Code Execution
Critical
CVE-2026-41228
was published
for
froxlor/froxlor
(Composer)
Apr 16, 2026
Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php
Moderate
CVE-2026-34036
was published
for
dolibarr/dolibarr
(Composer)
Mar 27, 2026
AVideo has an Unauthenticated Local File Inclusion in API locale (RCE possible with writable PHP)
High
CVE-2026-33513
was published
for
wwbn/avideo
(Composer)
Mar 20, 2026
PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal
Moderate
CVE-2025-64714
was published
for
privatebin/privatebin
(Composer)
Nov 14, 2025
LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE
High
CVE-2025-54138
was published
for
librenms/librenms
(Composer)
Jul 21, 2025
Dolibarr has Remote Code Execution Vulnerability (Bypass)
High
GHSA-49xw-hw94-fmv2
was published
for
dolibarr/dolibarr
(Composer)
Jul 21, 2025
Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale
Moderate
CVE-2025-22145
was published
for
nesbot/carbon
(Composer)
Jan 8, 2025
FUXA local file inclusion vulnerability
High
CVE-2023-31718
was published
for
fuxa-server
(npm)
Sep 22, 2023
FUXA vulnerable to Local File Inclusion
High
CVE-2023-31716
was published
for
@frangoteam/fuxa
(npm)
Sep 22, 2023
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter
Critical
CVE-2015-5467
was published
for
yiisoft/yii2
(Composer)
Sep 21, 2023
Flarum vulnerable to LFI and Blind SSRF via Avatar upload
High
CVE-2023-40033
was published
for
flarum/core
(Composer)
Aug 16, 2023
Cockpit PHP Remote File Inclusion vulnerability
Critical
CVE-2023-4195
was published
for
cockpit-hq/cockpit
(Composer)
Aug 6, 2023
Improper file handling in concrete5/core
High
CVE-2021-22968
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Local File read vulnerability in OctoberCMS
Moderate
CVE-2020-5295
was published
for
october/cms
(Composer)
Jun 3, 2020
ProTip!
Advisories are also available from the
GraphQL API