Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

301,390 advisories

Loading
An allocation of resources without limits or throttling vulnerability has been reported to affect... Low Unreviewed
CVE-2025-53411 was published Nov 7, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote... Low Unreviewed
CVE-2025-52865 was published Nov 7, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect... Moderate Unreviewed
CVE-2025-53413 was published Nov 7, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote... Low Unreviewed
CVE-2025-53408 was published Nov 7, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote... Low Unreviewed
CVE-2025-53412 was published Nov 7, 2025
A cross-site scripting (XSS) vulnerability has been reported to affect File Station 5. If a... Low Unreviewed
CVE-2025-57706 was published Nov 7, 2025
A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. If a... High Unreviewed
CVE-2025-54167 was published Nov 7, 2025
A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an... Moderate Unreviewed
CVE-2025-12861 was published Nov 7, 2025
Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events High
CVE-2025-64496 was published for open-webui (npm) Nov 7, 2025
vitalysim
Credited to vitalysim
A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file ... Moderate Unreviewed
CVE-2025-12860 was published Nov 7, 2025
A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown... Moderate Unreviewed
CVE-2025-12856 was published Nov 7, 2025
A security flaw has been discovered in code-projects Responsive Hotel Site 1.0. This issue... Moderate Unreviewed
CVE-2025-12855 was published Nov 7, 2025
A vulnerability was determined in SourceCodester Best House Rental Management System 1.0. This... Moderate Unreviewed
CVE-2025-12853 was published Nov 7, 2025
A security vulnerability has been detected in code-projects Responsive Hotel Site 1.0. The... Moderate Unreviewed
CVE-2025-12857 was published Nov 7, 2025
Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated... Critical Unreviewed
CVE-2025-34299 was published Nov 7, 2025
A vulnerability has been found in DedeBIZ up to 6.3.2. This impacts an unknown function of the... Moderate Unreviewed
CVE-2025-12859 was published Nov 7, 2025
A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the... Moderate Unreviewed
CVE-2025-12854 was published Nov 7, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 -... High Unreviewed
CVE-2025-10968 was published Nov 7, 2025
Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE High
CVE-2025-64495 was published for open-webui (npm) Nov 7, 2025
gg0h
Credited to gg0h
SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create,... Critical Unreviewed
CVE-2025-10870 was published Nov 7, 2025
Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router ... Moderate Unreviewed
CVE-2025-46413 was published Nov 7, 2025
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was... Moderate Unreviewed
CVE-2025-10966 was published Nov 7, 2025
The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-12520 was published Nov 7, 2025
The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes... Moderate Unreviewed
CVE-2025-12527 was published Nov 7, 2025
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed
CVE-2025-12352 was published Nov 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database