GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
27,490 advisories
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft...
Critical | Unreviewed | CVE-2025-58636 was published Nov 6, 2025

Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin...
Critical | Unreviewed | CVE-2025-58595 was published Nov 6, 2025

Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core...
Critical | Unreviewed | CVE-2025-58627 was published Nov 6, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-52773 was published Nov 6, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in borisolhor Drop Uploader for CF7...
Critical | Unreviewed | CVE-2025-53283 was published Nov 6, 2025

Missing Authorization vulnerability in sertifier Sertifier Certificate & Badge Maker sertifier...
Critical | Unreviewed | CVE-2025-53214 was published Nov 6, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical | Unreviewed | CVE-2025-53252 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in VictorThemes Seil seil allows Object Injection...
Critical | Unreviewed | CVE-2025-53242 was published Nov 6, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-48089 was published Nov 6, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy...
Critical | Unreviewed | CVE-2025-49372 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in Scott Reilly Preserve Code Formatting preserve...
Critical | Unreviewed | CVE-2025-49386 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets...
Critical | Unreviewed | CVE-2025-49393 was published Nov 6, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical | Unreviewed | CVE-2025-48330 was published Nov 6, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical | Unreviewed | CVE-2025-48290 was published Nov 6, 2025

Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local...
Critical | Unreviewed | CVE-2025-39467 was published Nov 6, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical | Unreviewed | CVE-2025-39468 was published Nov 6, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in acowebs Dynamic...
Critical | Unreviewed | CVE-2025-47588 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite...
Critical | Unreviewed | CVE-2025-48086 was published Nov 6, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget...
Critical | Unreviewed | CVE-2025-32222 was published Nov 6, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical | Unreviewed | CVE-2025-39466 was published Nov 6, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical | Unreviewed | CVE-2025-39463 was published Nov 6, 2025

PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution...
Critical | Unreviewed | CVE-2025-63334 was published Nov 5, 2025

** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat...
Critical | Unreviewed | CVE-2025-63416 was published Nov 5, 2025

Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via...
Critical | Unreviewed | CVE-2025-55343 was published Nov 5, 2025

Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate...
Critical | Unreviewed | CVE-2025-56231 was published Nov 5, 2025

ProTip! Advisories are also available from the GraphQL API.