GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 25,071
Composer 5,087
Erlang 40
GitHub Actions 38
Go 2,757
Maven 6,173
npm 4,364
NuGet 766
pip 4,130
Pub 12
RubyGems 961
Rust 1,070
Swift 45

Unreviewed advisories

All unreviewed 281,211

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

281,211 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed

CVE-2025-68062 was published Dec 16, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed

CVE-2025-68068 was published Dec 16, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed

CVE-2025-68067 was published Dec 16, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-68076 was published Dec 16, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-68080 was published Dec 16, 2025

Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate... Moderate Unreviewed

CVE-2025-68071 was published Dec 16, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-68079 was published Dec 16, 2025

Missing Authorization vulnerability in merkulove Buttoner for Elementor buttoner-elementor allows... Moderate Unreviewed

CVE-2025-68085 was published Dec 16, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Meks Meks Quick Plugin Disabler meks-quick... Moderate Unreviewed

CVE-2025-68083 was published Dec 16, 2025

Missing Authorization vulnerability in merkulove Reformer for Elementor reformer-elementor allows... Moderate Unreviewed

CVE-2025-68086 was published Dec 16, 2025

Missing Authorization vulnerability in merkulove Modalier for Elementor modalier-elementor allows... Moderate Unreviewed

CVE-2025-68087 was published Dec 16, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-68078 was published Dec 16, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-68070 was published Dec 16, 2025

Missing Authorization vulnerability in Nitesh Ultimate Auction ultimate-auction allows... Moderate Unreviewed

CVE-2025-68084 was published Dec 16, 2025

Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge kerge allows Server Side... Moderate Unreviewed

CVE-2025-67989 was published Dec 16, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed

CVE-2025-67999 was published Dec 16, 2025

Cross-Site Request Forgery (CSRF) vulnerability in SEMrush CY LTD Semrush Content Toolkit semrush... Moderate Unreviewed

CVE-2025-68082 was published Dec 16, 2025

Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp... Moderate Unreviewed

CVE-2025-64639 was published Dec 16, 2025

Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce... Moderate Unreviewed

CVE-2025-64638 was published Dec 16, 2025

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in... Moderate Unreviewed

CVE-2025-67948 was published Dec 16, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed

CVE-2025-67962 was published Dec 16, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed

CVE-2025-67950 was published Dec 16, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-67912 was published Dec 16, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-67951 was published Dec 16, 2025

Missing Authorization vulnerability in favethemes Homey Core homey-core allows Exploiting... Moderate Unreviewed

CVE-2025-67965 was published Dec 16, 2025

Previous 1…15…400 Next

Previous 1 2 … 13 14 15 16 17 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

281,211 advisories