GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,635
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
300,991 advisories
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital...
Moderate | Unreviewed | CVE-2025-40703 was published Aug 29, 2025

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital...
Moderate | Unreviewed | CVE-2025-40706 was published Aug 29, 2025

The Slider Revolution plugin for WordPress is vulnerable to Path Traversal in all versions up to,...
Moderate | Unreviewed | CVE-2025-9217 was published Aug 29, 2025

Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all...
Moderate | Unreviewed | CVE-2025-7383 was published Aug 29, 2025

Erroneously using an all-zero seed for RSA-OAEP padding instead of the generated random bytes, in...
Low | Unreviewed | CVE-2025-9071 was published Aug 29, 2025

Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions...
Moderate | Unreviewed | CVE-2025-7071 was published Aug 29, 2025

Payload's SQLite adapter Session Fixation vulnerability
Moderate | CVE-2025-4644 was published for @payloadcms/graphql (npm) Aug 29, 2025

Payload does not invalidate JWTs after log out
Moderate | CVE-2025-4643 was published for @payloadcms/graphql (npm) Aug 29, 2025

The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2025-8150 was published Aug 29, 2025

Improper neutralization of input during web page generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2024-13987 was published Aug 29, 2025

Uncaught exception issue exists in Multiple products in bizhub series. If a malformed file is...
Moderate | Unreviewed | CVE-2025-54777 was published Aug 29, 2025

The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing...
High | Unreviewed | CVE-2025-9639 was published Aug 29, 2025

Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If...
High | Unreviewed | CVE-2025-53508 was published Aug 29, 2025

The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-9374 was published Aug 29, 2025

The iATS Online Forms plugin for WordPress is vulnerable to time-based SQL Injection via the ...
Moderate | Unreviewed | CVE-2025-9441 was published Aug 29, 2025

The List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2025-8290 was published Aug 29, 2025

The LWSCache plugin for WordPress is vulnerable to unauthorized modification of data due to...
Moderate | Unreviewed | CVE-2025-8147 was published Aug 29, 2025

The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2025-8619 was published Aug 29, 2025

A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is...
Moderate | Unreviewed | CVE-2025-9619 was published Aug 29, 2025

Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information...
High | Unreviewed | CVE-2025-53507 was published Aug 29, 2025

A vulnerability was determined in code-projects Online Event Judging System 1.0. This issue...
Moderate | Unreviewed | CVE-2025-9610 was published Aug 29, 2025

A vulnerability was found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown...
Moderate | Unreviewed | CVE-2025-9609 was published Aug 29, 2025

TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated...
Critical | Unreviewed | CVE-2025-8861 was published Aug 29, 2025

Clinic Image System developed by Changing contains hard-coded Credentials, allowing...
Critical | Unreviewed | CVE-2025-8857 was published Aug 29, 2025

Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing...
High | Unreviewed | CVE-2025-8858 was published Aug 29, 2025

ProTip! Advisories are also available from the GraphQL API