Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

15,529 advisories

Loading
A security flaw has been discovered in code-projects Automated Voting System 1.0. The affected... Moderate Unreviewed
CVE-2025-12238 was published Oct 27, 2025
A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown... Moderate Unreviewed
CVE-2025-12215 was published Oct 27, 2025
A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Impacted is... Moderate Unreviewed
CVE-2025-12226 was published Oct 27, 2025
A vulnerability was found in SourceCodester Best House Rental Management System 1.0. This impacts... Moderate Unreviewed
CVE-2025-12208 was published Oct 27, 2025
LangGraph's SQLite store implementation has a SQL Injection Vulnerability High
CVE-2025-8709 was published for langgraph-checkpoint-sqlite (pip) Oct 26, 2025
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More... High Unreviewed
CVE-2025-11893 was published Oct 25, 2025
The wpForo Forum plugin for WordPress is vulnerable to error‐based or time-based SQL Injection... High Unreviewed
CVE-2025-4203 was published Oct 25, 2025
The Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions... High Unreviewed
CVE-2025-9322 was published Oct 25, 2025
The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection via the ... High Unreviewed
CVE-2025-8416 was published Oct 25, 2025
A SQL injection vulnerability has been identified in DobryCMS. Improper neutralization of input... Critical Unreviewed
CVE-2025-8536 was published Oct 24, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-11253 was published Oct 24, 2025
The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access... Moderate Unreviewed
CVE-2025-10740 was published Oct 24, 2025
The RapidResult plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all... Moderate Unreviewed
CVE-2025-10748 was published Oct 24, 2025
gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the... Moderate Unreviewed
CVE-2025-61464 was published Oct 23, 2025
Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality High
CVE-2025-62617 was published for admidio/admidio (Composer) Oct 22, 2025
XY20130630
Credited to XY20130630
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-62015 was published Oct 22, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-59557 was published Oct 22, 2025
A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on... Critical Unreviewed
CVE-2025-57870 was published Oct 22, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-49931 was published Oct 22, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Moderate Unreviewed
CVE-2025-49378 was published Oct 22, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-49915 was published Oct 22, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Moderate Unreviewed
CVE-2025-48091 was published Oct 22, 2025
The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for... Moderate Unreviewed
CVE-2025-10047 was published Oct 22, 2025
daicuocms V1.3.13 contains a SQL injection vulnerability in the file library\think\db\Builder.php. Moderate Unreviewed
CVE-2025-61194 was published Oct 21, 2025
Log2Space Subscriber Management Software 1.1 is vulnerable to unauthenticated SQL injection via... Moderate Unreviewed
CVE-2025-56450 was published Oct 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database