Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,760 advisories

Loading
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox <... Critical Unreviewed
CVE-2025-14324 was published Dec 9, 2025
The ESP32 system on a chip (SoC) that powers the Meatmeet basestation device was found to lack... Moderate Unreviewed
CVE-2025-65829 was published Dec 10, 2025
A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665.... Moderate Unreviewed
CVE-2025-13786 was published Nov 30, 2025
In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the... Moderate Unreviewed
CVE-2025-36938 was published Dec 11, 2025
The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up... Moderate Unreviewed
CVE-2025-14166 was published Dec 12, 2025
pgadmin4 has a Meta-Command Filter Command Execution Critical
CVE-2025-13780 was published for pgadmin4 (pip) Dec 11, 2025
zeropwn Cycloctane
Credited to zeropwn and Cycloctane
Code Injection using Electron Fuses in waveterm on MacOS allows TCC Bypass. This issue affects... Moderate Unreviewed
CVE-2025-12843 was published Dec 12, 2025
Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule High
CVE-2025-67750 was published for lightning-flow-scanner (npm) Dec 12, 2025
RubenHalman
Credited to RubenHalman
MineAdmin has an insecure default password Critical
CVE-2025-65854 was published for mineadmin/mineadmin (Composer) Dec 12, 2025
The The Shortcode Ajax plugin for WordPress is vulnerable to arbitrary shortcode execution in all... Moderate Unreviewed
CVE-2025-14539 was published Dec 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database