GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,750
Maven: 5,000+
npm: 4,353
NuGet: 765
pip: 4,114
Pub: 12
RubyGems: 960
Rust: 1,069
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
4,030 advisories
The Shortcode Ajax plugin for WordPress is vulnerable to arbitrary shortcode execution in all...
Moderate | Unreviewed | CVE-2025-14539 was published Dec 13, 2025

Code Injection using Electron Fuses in waveterm on MacOS allows TCC Bypass. This issue affects...
Moderate | Unreviewed | CVE-2025-12843 was published Dec 12, 2025

The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up...
Moderate | Unreviewed | CVE-2025-14166 was published Dec 12, 2025

In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the...
Moderate | Unreviewed | CVE-2025-36938 was published Dec 11, 2025

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before...
High | Unreviewed | CVE-2025-55313 was published Dec 11, 2025

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows...
High | Unreviewed | CVE-2024-58284 was published Dec 11, 2025

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025...
Critical | Unreviewed | CVE-2025-65294 was published Dec 11, 2025

The ESP32 system on a chip (SoC) that powers the Meatmeet basestation device was found to lack...
Moderate | Unreviewed | CVE-2025-65829 was published Dec 10, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP give...
High | Unreviewed | CVE-2025-66533 was published Dec 9, 2025

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert...
Critical | Unreviewed | CVE-2025-42880 was published Dec 9, 2025

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile &...
Moderate | Unreviewed | CVE-2025-13642 was published Dec 9, 2025

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox <...
Critical | Unreviewed | CVE-2025-14324 was published Dec 9, 2025

Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user...
High | Unreviewed | CVE-2025-65271 was published Dec 8, 2025

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution...
Critical | Unreviewed | CVE-2025-13486 was published Dec 3, 2025

A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute...
Critical | Unreviewed | CVE-2025-13658 was published Dec 2, 2025

The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’...
High | Unreviewed | CVE-2024-39148 was published Dec 1, 2025

A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665....
Moderate | Unreviewed | CVE-2025-13786 was published Nov 30, 2025

In Apache CloudStack improper control of generation of code ('Code Injection') vulnerability is...
Moderate | Unreviewed | CVE-2025-59302 was published Nov 27, 2025

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components,...
High | Unreviewed | CVE-2025-33204 was published Nov 25, 2025

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions...
Critical | Unreviewed | CVE-2025-6389 was published Nov 25, 2025

Lite XL versions 2.1.8 and prior automatically execute the .lite_project.lua file when opening a...
High | Unreviewed | CVE-2025-12120 was published Nov 20, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect...
High | Unreviewed | CVE-2025-10703 was published Nov 19, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect...
High | Unreviewed | CVE-2025-10702 was published Nov 19, 2025

The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to,...
High | Unreviewed | CVE-2025-13035 was published Nov 19, 2025

The comment editing template (dzz/comment/template/edit_form.htm) in DzzOffice 2.3.x lacks...
Moderate | Unreviewed | CVE-2025-63693 was published Nov 18, 2025
ProTip! Advisories are also available from the GraphQL API.