Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,670
Maven
5,000+
npm
4,296
NuGet
760
pip
4,075
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

143,598 advisories

Loading
A vulnerability was detected in ashraf-kabir travel-agency up to... Moderate Unreviewed
CVE-2025-13546 was published Nov 23, 2025
A security vulnerability has been detected in ashraf-kabir travel-agency up to... Moderate Unreviewed
CVE-2025-13545 was published Nov 23, 2025
A weakness has been identified in ashraf-kabir travel-agency up to... Moderate Unreviewed
CVE-2025-13544 was published Nov 23, 2025
The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of... Moderate Unreviewed
CVE-2025-13136 was published Nov 22, 2025
The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in... Moderate Unreviewed
CVE-2025-13318 was published Nov 22, 2025
The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in... Moderate Unreviewed
CVE-2025-13317 was published Nov 22, 2025
The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to fake payment... Moderate Unreviewed
CVE-2025-12752 was published Nov 22, 2025
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is... Moderate Unreviewed
CVE-2025-12877 was published Nov 22, 2025
The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed
CVE-2025-11186 was published Nov 22, 2025
Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple... Moderate Unreviewed
CVE-2025-11936 was published Nov 22, 2025
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS... Moderate Unreviewed
CVE-2025-43374 was published Nov 22, 2025
A parsing issue in the handling of directory paths was addressed with improved path validation.... Moderate Unreviewed
CVE-2025-31248 was published Nov 22, 2025
A spoofing issue was addressed with improved truncation when displaying the fully qualified... Moderate Unreviewed
CVE-2025-31266 was published Nov 22, 2025
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly... Moderate Unreviewed
CVE-2025-0504 was published Nov 22, 2025
With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS ... Moderate Unreviewed
CVE-2025-11935 was published Nov 22, 2025
Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on... Moderate Unreviewed
CVE-2025-13524 was published Nov 21, 2025
IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking... Moderate Unreviewed
CVE-2025-36149 was published Nov 21, 2025
Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers,... Moderate Unreviewed
CVE-2025-48502 was published Nov 21, 2025
A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest... Moderate Unreviewed
CVE-2025-29934 was published Nov 21, 2025
The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to,... Moderate Unreviewed
CVE-2025-12747 was published Nov 21, 2025
MLX has Wild Pointer Dereference in load_gguf() Moderate
CVE-2025-62609 was published for mlx (pip) Nov 21, 2025
wickgit mmudryi
markiyanch
Credited to wickgit, mmudryi, and markiyanch
MLX has heap-buffer-overflow in load() Moderate
CVE-2025-62608 was published for mlx (pip) Nov 21, 2025
wickgit mmudryi
markiyanch
Credited to wickgit, mmudryi, and markiyanch
Terraform state versions can be created by a user with specific but insufficient permissions in a... Moderate Unreviewed
CVE-2025-13432 was published Nov 21, 2025
Missing Authorization vulnerability in WebToffee Accessibility Toolkit by WebYes accessibility... Moderate Unreviewed
CVE-2025-66112 was published Nov 21, 2025
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting... Moderate Unreviewed
CVE-2025-66082 was published Nov 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database