Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,758
Maven
5,000+
npm
4,364
NuGet
766
pip
4,132
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,769 advisories

Loading
The The Motors - Car Dealer, Rental & Listing WordPress theme theme for WordPress is vulnerable... High Unreviewed
CVE-2024-13738 was published May 3, 2025
A vulnerability was found in handrew browserpilot up to 0.2.51. It has been declared as critical.... Moderate Unreviewed
CVE-2025-4218 was published May 2, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics... High Unreviewed
CVE-2025-2421 was published May 2, 2025
Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a... Moderate Unreviewed
CVE-2024-13420 was published May 2, 2025
OPA server Data API HTTP path injection of Rego High
CVE-2025-46569 was published for github.com/open-policy-agent/opa (Go) May 1, 2025
GamrayW HyouKash
AdrienIT
Credited to GamrayW, HyouKash, and AdrienIT
An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary... Critical Unreviewed
CVE-2025-45947 was published Apr 28, 2025
OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution. Moderate Unreviewed
CVE-2023-42404 was published Apr 28, 2025
Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET... Moderate Unreviewed
CVE-2024-32499 was published Apr 28, 2025
IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because... Critical Unreviewed
CVE-2025-46661 was published Apr 28, 2025
Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper... Low Unreviewed
CVE-2025-23376 was published Apr 28, 2025
A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical.... Moderate Unreviewed
CVE-2025-4022 was published Apr 28, 2025
Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code... Critical Unreviewed
CVE-2015-2079 was published Apr 28, 2025
Apereo CAS code injection vulnerability Low
CVE-2025-3984 was published for org.apereo.cas:cas-management-webapp-support (Maven) Apr 27, 2025
A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0.... Moderate Unreviewed
CVE-2025-3982 was published Apr 27, 2025
There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE... High Unreviewed
CVE-2025-46579 was published Apr 27, 2025
The The Anps Theme plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in... Moderate Unreviewed
CVE-2024-13812 was published Apr 26, 2025
The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to... High Unreviewed
CVE-2025-3491 was published Apr 26, 2025
The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin... High Unreviewed
CVE-2025-2801 was published Apr 26, 2025
The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in... High Unreviewed
CVE-2024-13808 was published Apr 26, 2025
Moodle has an authenticated remote code execution risk in the Moodle LMS Dropbox repository High
CVE-2025-3641 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle has an authenticated remote code execution risk in the Moodle LMS EQUELLA repository High
CVE-2025-3642 was published for moodle/moodle (Composer) Apr 25, 2025
Craft CMS Allows Remote Code Execution Critical
CVE-2025-32432 was published for craftcms/cms (Composer) Apr 25, 2025
The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code... High Unreviewed
CVE-2025-3776 was published Apr 24, 2025
Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user... High Unreviewed
CVE-2025-1976 was published Apr 24, 2025
A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR... Moderate Unreviewed
CVE-2025-0618 was published Apr 23, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database