GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,656
Maven: 5,000+
npm: 4,284
NuGet: 760
pip: 4,069
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

114,353 advisories

An attacker with a Looker Developer role could manipulate a LookML project to exploit a race...
High | Unreviewed | CVE-2025-12472 was published Nov 19, 2025

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of...
High | Unreviewed | CVE-2025-11230 was published Nov 19, 2025

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-13206 was published Nov 19, 2025

The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and...
High | Unreviewed | CVE-2025-12484 was published Nov 19, 2025

The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to,...
High | Unreviewed | CVE-2025-13035 was published Nov 19, 2025

Out-of-bounds Read in Shelly Pro 3EM (before v1.4.4) allows Overread Buffers.
High | Unreviewed | CVE-2025-12056 was published Nov 19, 2025

Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper...
High | Unreviewed | CVE-2025-11446 was published Nov 19, 2025

Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6...
High | Unreviewed | CVE-2025-11243 was published Nov 19, 2025

If kdcproxy receives a request for a realm which does not have server addresses defined in its...
High | Unreviewed | CVE-2025-59088 was published Nov 12, 2025

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP...
High | Unreviewed | CVE-2025-13145 was published Nov 19, 2025

The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'dayofyear'...
High | Unreviewed | CVE-2025-12646 was published Nov 19, 2025

DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Versions allows a...
High | Unreviewed | CVE-2025-12852 was published Nov 19, 2025

Arbitrary Code Execution in pdfminer.six via Crafted PDF Input
High | CVE-2025-64512 was published for pdfminer.six (pip) on Nov 7, 2025

glob CLI: Command injection via -c/--cmd executes matches with shell:true
High | CVE-2025-64756 was published for glob (npm) on Nov 17, 2025

Juju allows arbitrary executable uploads via authenticated endpoint without authorization
High | CVE-2025-0928 was published for github.com/juju/juju (Go) on Jul 9, 2025

A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of...
High | Unreviewed | CVE-2025-63955 was published Nov 18, 2025

A vulnerability in the SSH restricted shell interface of the network management services allows...
High | Unreviewed | CVE-2025-37155 was published Nov 18, 2025

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
High | Unreviewed | CVE-2025-58034 was published Nov 18, 2025

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for...
High | Unreviewed | CVE-2023-51767 was published Dec 24, 2023

In the Linux kernel, the following vulnerability has been resolved: ax25: fix incorrect...
High | Unreviewed | CVE-2022-50163 was published Jun 18, 2025

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix...
High | Unreviewed | CVE-2022-50164 was published Jun 18, 2025

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not trigger...
High | Unreviewed | CVE-2025-38267 was published Jul 10, 2025

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Check...
High | Unreviewed | CVE-2025-38369 was published Jul 25, 2025

In the Linux kernel, the following vulnerability has been resolved: fuse: fix runtime warning on...
High | Unreviewed | CVE-2025-38357 was published Jul 25, 2025

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Check...
High | Unreviewed | CVE-2025-38366 was published Jul 25, 2025

ProTip! Advisories are also available from the GraphQL API.