Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,752
Maven
5,000+
npm
4,357
NuGet
765
pip
4,121
Pub
12
RubyGems
961
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,769 advisories

Loading
The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress... Critical Unreviewed
CVE-2025-13377 was published Dec 6, 2025
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2025-12673 was published Dec 6, 2025
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account... Critical Unreviewed
CVE-2025-34291 was published Dec 6, 2025
ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution... Critical Unreviewed
CVE-2020-36877 was published Dec 5, 2025
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key... Critical Unreviewed
CVE-2025-34256 was published Dec 5, 2025
The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login ... Critical Unreviewed
CVE-2025-12374 was published Dec 5, 2025
The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset... Critical Unreviewed
CVE-2025-13313 was published Dec 5, 2025
UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in... Critical Unreviewed
CVE-2025-66571 was published Dec 4, 2025
ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library. Critical Unreviewed
CVE-2025-29268 was published Dec 4, 2025
Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2... Critical Unreviewed
CVE-2025-63362 was published Dec 4, 2025
Apache Tika has XXE vulnerability Critical
CVE-2025-66516 was published for org.apache.tika:tika-core (Maven) Dec 4, 2025
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an... Critical Unreviewed
CVE-2025-53963 was published Dec 4, 2025
The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are... Critical Unreviewed
CVE-2025-54303 was published Dec 4, 2025
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are... Critical Unreviewed
CVE-2025-54304 was published Dec 4, 2025
Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation... Critical Unreviewed
CVE-2024-45538 was published Dec 4, 2025
XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial... Critical Unreviewed
CVE-2025-65868 was published Dec 3, 2025
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local... Critical Unreviewed
CVE-2025-64055 was published Dec 3, 2025
React Server Components are Vulnerable to RCE Critical
GHSA-fmh4-wr37-44fp was published for @vitejs/plugin-rsc (npm) Dec 3, 2025
React Server Components are Vulnerable to RCE Critical
CVE-2025-55182 was published for react-server-dom-parcel (npm) Dec 3, 2025
lachlan2k PiotrBorowski
nozo-moto leogasparini mtorp mnahkies mswilson AsapHogFtw
Credited to lachlan2k, PiotrBorowski, nozo-moto, leogasparini, mtorp, mnahkies, mswilson, and AsapHogFtw
Next.js is vulnerable to RCE in React flight protocol Critical
GHSA-9qr9-h5gf-34mp was published for next (npm) Dec 3, 2025
lachlan2k bytera
larskaare mswilson conorfitch tockn yusuke-koyoshi bottarocarlo jcburgo
Credited to lachlan2k, bytera, larskaare, mswilson, conorfitch, tockn, yusuke-koyoshi, bottarocarlo, and jcburgo
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8... Critical Unreviewed
CVE-2025-34319 was published Dec 3, 2025
Step CA Has Authorization Bypass in ACME and SCEP Provisioners Critical
CVE-2025-44005 was published for github.com/smallstep/certificates (Go) Dec 3, 2025
In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar... Critical Unreviewed
CVE-2025-65267 was published Dec 3, 2025
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification... Critical Unreviewed
CVE-2025-13342 was published Dec 3, 2025
The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions... Critical Unreviewed
CVE-2025-13390 was published Dec 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database