Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,656
Maven
5,000+
npm
4,284
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,490 advisories

Loading
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects... Critical Unreviewed
CVE-2025-13022 was published Nov 11, 2025
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects... Critical Unreviewed
CVE-2025-13021 was published Nov 11, 2025
Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated... Critical Unreviewed
CVE-2025-8324 was published Nov 11, 2025
Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR... Critical Unreviewed
CVE-2017-20210 was published Nov 11, 2025
The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information... Critical Unreviewed
CVE-2025-12539 was published Nov 11, 2025
The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in... Critical Unreviewed
CVE-2025-12813 was published Nov 11, 2025
The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2025-11170 was published Nov 11, 2025
The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress... Critical Unreviewed
CVE-2025-11457 was published Nov 11, 2025
Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert... Critical Unreviewed
CVE-2025-42887 was published Nov 11, 2025
SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or... Critical Unreviewed
CVE-2025-42890 was published Nov 11, 2025
Employee Records System version 1.0 contains an unrestricted file upload vulnerability that... Critical Unreviewed
CVE-2021-4462 was published Nov 11, 2025
Soft Serve is vulnerable to SSRF through its Webhooks Critical
CVE-2025-64522 was published for github.com/charmbracelet/soft-serve (Go) Nov 10, 2025
Tomer-PL caarlos0
Credited to Tomer-PL and caarlos0
In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Junie could lead to exposure... Critical Unreviewed
CVE-2025-64689 was published Nov 10, 2025
Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw... Critical Unreviewed
CVE-2025-12480 was published Nov 10, 2025
New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability,... Critical Unreviewed
CVE-2025-12868 was published Nov 10, 2025
EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing... Critical Unreviewed
CVE-2025-12866 was published Nov 10, 2025
Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a... Critical Unreviewed
CVE-2020-36870 was published Nov 8, 2025
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration... Critical Unreviewed
CVE-2025-10230 was published Nov 7, 2025
In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz... Critical Unreviewed
CVE-2025-63690 was published Nov 7, 2025
In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System... Critical Unreviewed
CVE-2025-63691 was published Nov 7, 2025
Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit... Critical Unreviewed
CVE-2025-63689 was published Nov 7, 2025
Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows... Critical Unreviewed
CVE-2025-3222 was published Nov 7, 2025
An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit... Critical Unreviewed
CVE-2025-52425 was published Nov 7, 2025
Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated... Critical Unreviewed
CVE-2025-34299 was published Nov 7, 2025
SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create,... Critical Unreviewed
CVE-2025-10870 was published Nov 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database