GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,603
Composer 5,006
Erlang 39
GitHub Actions 38
Go 2,636
Maven 6,104
npm 4,262
NuGet 760
pip 4,057
Pub 12
RubyGems 956
Rust 1,054
Swift 45

Unreviewed advisories

All unreviewed 276,915

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

301,518 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The Wilmer Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes... Moderate Unreviewed

CVE-2025-9061 was published Sep 9, 2025

The The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode... Moderate Unreviewed

CVE-2025-9489 was published Sep 9, 2025

The Mikado Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes... Moderate Unreviewed

CVE-2025-9058 was published Sep 9, 2025

The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files,... Moderate Unreviewed

CVE-2025-8889 was published Sep 9, 2025

Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could... Critical Unreviewed

CVE-2025-42944 was published Sep 9, 2025

Due to missing input validation, an attacker with high privilege access to ABAP reports could... High Unreviewed

CVE-2025-42929 was published Sep 9, 2025

Due to a Cross-Site Scripting (XSS) vulnerability in the SAP NetWeaver ABAP Platform, an... Moderate Unreviewed

CVE-2025-42938 was published Sep 9, 2025

Liferay Portal is vulnerable to XSS attack through fieldset name in Kaleo Forms Admin Moderate

CVE-2025-43778 was published for com.liferay:com.liferay.portal.workflow.kaleo.forms.web (Maven) Sep 9, 2025

Liferay Portal exposes 500 status when attempting login with a deleted client secret Moderate

CVE-2025-43777 was published for com.liferay:com.liferay.portal.security.sso.openid.connect.impl (Maven) Sep 9, 2025

SAP NetWeaver Application Server Java does not perform an authentication check when an attacker... Moderate Unreviewed

CVE-2025-42926 was published Sep 9, 2025

When a user logs in via SAP Business One native client, the SLD backend service fails to enforce... High Unreviewed

CVE-2025-42933 was published Sep 9, 2025

SAP Business Planning and Consolidation allows an authenticated standard user to call a function... Moderate Unreviewed

CVE-2025-42930 was published Sep 9, 2025

SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw... Critical Unreviewed

CVE-2025-42922 was published Sep 9, 2025

Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP... Moderate Unreviewed

CVE-2025-42925 was published Sep 9, 2025

SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable... Low Unreviewed

CVE-2025-42927 was published Sep 9, 2025

Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the... Critical Unreviewed

CVE-2025-42958 was published Sep 9, 2025

A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is... Moderate Unreviewed

CVE-2025-10123 was published Sep 9, 2025

Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated... Moderate Unreviewed

CVE-2025-42923 was published Sep 9, 2025

A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file... Moderate Unreviewed

CVE-2025-10122 was published Sep 9, 2025

Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an... Low Unreviewed

CVE-2025-42913 was published Sep 9, 2025

A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin... Moderate Unreviewed

CVE-2025-10121 was published Sep 9, 2025

Due to missing input validation, an attacker with high privilege access to ABAP reports could... High Unreviewed

CVE-2025-42916 was published Sep 9, 2025

Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an... Moderate Unreviewed

CVE-2025-42920 was published Sep 9, 2025

A weakness has been identified in SourceCodester Simple To-Do List System 1.0. Impacted is an... Moderate Unreviewed

CVE-2025-10117 was published Sep 9, 2025

SAP HCM My Timesheet Fiori 2.0 application does not perform necessary authorization checks for an... Moderate Unreviewed

CVE-2025-42912 was published Sep 9, 2025

Previous 1…370…400 Next

Previous 1 2 … 368 369 370 371 372 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

301,518 advisories