Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,440 advisories

Loading
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php. Critical Unreviewed
CVE-2025-63451 was published Nov 3, 2025
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php. Critical Unreviewed
CVE-2025-63452 was published Nov 3, 2025
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php. Critical Unreviewed
CVE-2025-63453 was published Nov 3, 2025
@react-native-community/cli has arbitrary OS command injection Critical
CVE-2025-11953 was published for @react-native-community/cli (npm) Nov 3, 2025
Malayke cylewaitforit
Credited to Malayke and cylewaitforit
The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to,... Critical Unreviewed
CVE-2025-8900 was published Nov 3, 2025
Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand... Critical Unreviewed
CVE-2025-0987 was published Nov 3, 2025
Denial of Service Due to SlowLoris.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1... Critical Unreviewed
CVE-2025-12601 was published Nov 1, 2025
Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2... Critical Unreviewed
CVE-2025-12599 was published Nov 1, 2025
Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1... Critical Unreviewed
CVE-2025-12600 was published Nov 1, 2025
The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for... Critical Unreviewed
CVE-2025-11499 was published Nov 1, 2025
The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for... Critical Unreviewed
CVE-2025-11833 was published Nov 1, 2025
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in... Critical Unreviewed
CVE-2025-64348 was published Oct 31, 2025
Email Server Certificate Verification Disabled.This issue affects BLU-IC2: through 1.19.5; BLU... Critical Unreviewed
CVE-2025-12553 was published Oct 31, 2025
Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1... Critical Unreviewed
CVE-2025-29270 was published Oct 31, 2025
The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the... Critical Unreviewed
CVE-2025-64385 was published Oct 31, 2025
Denial of service of the web server through specific requests to this protocol Critical Unreviewed
CVE-2025-64388 was published Oct 31, 2025
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in... Critical Unreviewed
CVE-2025-57108 was published Oct 31, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-6520 was published Oct 31, 2025
The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor... Critical Unreviewed
CVE-2025-8489 was published Oct 31, 2025
The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up... Critical Unreviewed
CVE-2025-5397 was published Oct 31, 2025
Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin.... Critical Unreviewed
CVE-2025-34284 was published Oct 31, 2025
Nagios XI versions prior to 2026R1 contain a remote code execution vulnerability in the Core... Critical Unreviewed
CVE-2025-34286 was published Oct 31, 2025
A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code... Critical Unreviewed
CVE-2025-48983 was published Oct 31, 2025
A malicious actor with access to the management network could exploit a misconfiguration in UniFi... Critical Unreviewed
CVE-2025-52665 was published Oct 31, 2025
Nagios Fusion versions prior to 2024R2.1 contain a brute-force bypass in the Two-Factor... Critical Unreviewed
CVE-2025-34249 was published Oct 31, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database