GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,635
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
113,776 advisories
The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
High | Unreviewed | CVE-2025-11967 was published Nov 8, 2025

The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to arbitrary...
High | Unreviewed | CVE-2025-12399 was published Nov 8, 2025

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is...
High | Unreviewed | CVE-2025-12099 was published Nov 8, 2025

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-9334 was published Nov 8, 2025

The Smart Auto Upload Images plugin for WordPress is vulnerable to arbitrary file uploads due to...
High | Unreviewed | CVE-2025-12161 was published Nov 8, 2025

The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$_COOKIE[...
High | Unreviewed | CVE-2025-11452 was published Nov 8, 2025

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the...
High | Unreviewed | CVE-2025-37736 was published Nov 8, 2025

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when...
High | Unreviewed | CVE-2025-9900 was published Sep 23, 2025

Magento affected by a server-side denial-of-service using a GraphQL field
High | CVE-2021-36044 was published for magento/community-edition (Composer) May 24, 2022

Magento affected by a blind SSRF vulnerability in the bundled dotmailer extension
High | CVE-2021-36043 was published for magento/community-edition (Composer) May 24, 2022

Magento vulnerable to file upload attack
High | CVE-2021-36041 was published for magento/community-edition (Composer) May 24, 2022

Magento affected by remote code execution via a file upload
High | CVE-2021-36034 was published for magento/community-edition (Composer) May 24, 2022

Magento is affected by an os command injection via the Data collection endpoint
High | CVE-2021-36024 was published for magento/community-edition (Composer) May 24, 2022

Magento is affected by an improper input validation vulnerability
High | CVE-2021-36032 was published for magento/community-edition (Composer) May 24, 2022

ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
High | GHSA-vfpf-xmwh-8m65 was published for prosemirror_to_html (RubyGems) Nov 7, 2025

Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc
High | GHSA-f83h-ghpp-7wcc was published for pdfminer.six (pip) Nov 7, 2025

LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer
High | CVE-2025-64439 was published for langgraph-checkpoint (pip) Nov 5, 2025

IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering
High | CVE-2025-64431 was published for github.com/zitadel/zitadel (Go) Nov 5, 2025

Missing Authorization vulnerability in bPlugins Info Cards info-cards allows Accessing...
High | Unreviewed | CVE-2025-54711 was published Nov 6, 2025

In the Linux kernel, the following vulnerability has been resolved: s390: avoid using global...
High | Unreviewed | CVE-2022-49804 was published May 1, 2025

In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in...
High | Unreviewed | CVE-2022-49811 was published May 1, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-53585 was published Nov 6, 2025

IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under...
High | Unreviewed | CVE-2025-36186 was published Nov 7, 2025

A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library. This...
High | Unreviewed | CVE-2025-12863 was published Nov 7, 2025

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix wild-memory...
High | Unreviewed | CVE-2022-49799 was published May 1, 2025
ProTip! Advisories are also available from the GraphQL API