GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
27,504 advisories
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical (Unreviewed): CVE-2025-48290 was published Nov 6, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical (Unreviewed): CVE-2025-48089 was published Nov 6, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical (Unreviewed): CVE-2025-48330 was published Nov 6, 2025

Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local...
Critical (Unreviewed): CVE-2025-39467 was published Nov 6, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical (Unreviewed): CVE-2025-39468 was published Nov 6, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in acowebs Dynamic...
Critical (Unreviewed): CVE-2025-47588 was published Nov 6, 2025

Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite...
Critical (Unreviewed): CVE-2025-48086 was published Nov 6, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget...
Critical (Unreviewed): CVE-2025-32222 was published Nov 6, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical (Unreviewed): CVE-2025-39463 was published Nov 6, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical (Unreviewed): CVE-2025-39466 was published Nov 6, 2025

PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution...
Critical (Unreviewed): CVE-2025-63334 was published Nov 5, 2025

** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat...
Critical (Unreviewed): CVE-2025-63416 was published Nov 5, 2025

Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via...
Critical (Unreviewed): CVE-2025-55343 was published Nov 5, 2025

Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate...
Critical (Unreviewed): CVE-2025-56231 was published Nov 5, 2025

Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A...
Critical (Unreviewed): CVE-2025-45378 was published Nov 5, 2025

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with...
Critical (Unreviewed): CVE-2025-46364 was published Nov 5, 2025

A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could...
Critical (Unreviewed): CVE-2025-20354 was published Nov 5, 2025

OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted...
Critical (Unreviewed): CVE-2025-61304 was published Nov 5, 2025

Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an...
Critical (Unreviewed): CVE-2025-63601 was published Nov 5, 2025

A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could...
Critical (Unreviewed): CVE-2025-20358 was published Nov 5, 2025

Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.
Critical: CVE-2025-64459 was published for django (pip) Nov 5, 2025

A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'...
Critical (Unreviewed): CVE-2025-46705 was published Nov 5, 2025

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format...
Critical (Unreviewed): CVE-2025-46784 was published Nov 5, 2025

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'...
Critical (Unreviewed): CVE-2025-47151 was published Nov 5, 2025

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature...
Critical (Unreviewed): CVE-2025-46404 was published Nov 5, 2025

ProTip! Advisories are also available from the GraphQL API.