GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,662
Maven: 5,000+
npm: 4,289
NuGet: 760
pip: 4,069
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
27,507 advisories
A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr&...
Critical
Unreviewed
CVE-2025-47151
was published
Nov 5, 2025
A denial of service vulnerability exists in the lasso_node_init_from_message_with_format...
Critical
Unreviewed
CVE-2025-46784
was published
Nov 5, 2025
A denial of service vulnerability exists in the lasso_provider_verify_saml_signature...
Critical
Unreviewed
CVE-2025-46404
was published
Nov 5, 2025
The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read...
Critical
Unreviewed
CVE-2025-55108
was published
Nov 5, 2025
The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
Critical
Unreviewed
CVE-2025-12674
was published
Nov 5, 2025
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Critical
Unreviewed
CVE-2025-11749
was published
Nov 5, 2025
The Survision LPR Camera system does not enforce password protection by default. This allows...
Critical
Unreviewed
CVE-2025-12108
was published
Nov 4, 2025
Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly...
Critical
Unreviewed
CVE-2025-54863
was published
Nov 4, 2025
Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the...
Critical
Unreviewed
CVE-2025-61945
was published
Nov 4, 2025
Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions,...
Critical
Unreviewed
CVE-2025-61956
was published
Nov 4, 2025
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript...
Critical
Unreviewed
CVE-2025-12682
was published
Nov 4, 2025
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution ...
Critical
Unreviewed
CVE-2025-12493
was published
Nov 4, 2025
The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a...
Critical
Unreviewed
CVE-2025-12158
was published
Nov 4, 2025
The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a...
Critical
Unreviewed
CVE-2025-11007
was published
Nov 4, 2025
The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Critical
Unreviewed
CVE-2025-11008
was published
Nov 4, 2025
Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an...
Critical
Unreviewed
CVE-2024-13997
was published
Nov 4, 2025
@react-native-community/cli has arbitrary OS command injection
Critical
CVE-2025-11953
was published
for
@react-native-community/cli
(npm)
Nov 3, 2025
An unauthenticated SQL Injection was discovered within the Geutebruck G-Cam E-Series Cameras...
Critical
Unreviewed
CVE-2025-12463
was published
Nov 3, 2025
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php.
Critical
Unreviewed
CVE-2025-63451
was published
Nov 3, 2025
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php.
Critical
Unreviewed
CVE-2025-63453
was published
Nov 3, 2025
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php.
Critical
Unreviewed
CVE-2025-63452
was published
Nov 3, 2025
The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to,...
Critical
Unreviewed
CVE-2025-8900
was published
Nov 3, 2025
Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand...
Critical
Unreviewed
CVE-2025-0987
was published
Nov 3, 2025
Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000). This issue affects BLU-IC2...
Critical
Unreviewed
CVE-2025-12599
was published
Nov 1, 2025
Web UI Malfunction when setting unexpected locale via API. This issue affects BLU-IC2: through 1...
Critical
Unreviewed
CVE-2025-12600
was published
Nov 1, 2025
ProTip! Advisories are also available from the GraphQL API.