GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
23,938 advisories
The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in...
Critical | Unreviewed | CVE-2025-12813 was published Nov 11, 2025

The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress...
Critical | Unreviewed | CVE-2025-11457 was published Nov 11, 2025

The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical | Unreviewed | CVE-2025-11170 was published Nov 11, 2025

SQL Anywhere Monitor (Non-GUI) baked credentials into the code, exposing the resources or...
Critical | Unreviewed | CVE-2025-42890 was published Nov 11, 2025

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert...
Critical | Unreviewed | CVE-2025-42887 was published Nov 11, 2025

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that...
Critical | Unreviewed | CVE-2021-4462 was published Nov 11, 2025

In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Junie could lead to exposure...
Critical | Unreviewed | CVE-2025-64689 was published Nov 10, 2025

Triofox versions prior to 16.7.10368.56560 are vulnerable to an Improper Access Control flaw...
Critical | Unreviewed | CVE-2025-12480 was published Nov 10, 2025

New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability,...
Critical | Unreviewed | CVE-2025-12868 was published Nov 10, 2025

EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing...
Critical | Unreviewed | CVE-2025-12866 was published Nov 10, 2025

Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a...
Critical | Unreviewed | CVE-2020-36870 was published Nov 8, 2025

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration...
Critical | Unreviewed | CVE-2025-10230 was published Nov 7, 2025

Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows...
Critical | Unreviewed | CVE-2025-3222 was published Nov 7, 2025

In pig-mesh Pig version 3.8.2 and below, within the Token Management function under the System...
Critical | Unreviewed | CVE-2025-63691 was published Nov 7, 2025

Multiple SQL injection vulnerabilities in ycf1998 money-pos system before commit...
Critical | Unreviewed | CVE-2025-63689 was published Nov 7, 2025

In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz...
Critical | Unreviewed | CVE-2025-63690 was published Nov 7, 2025

An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit...
Critical | Unreviewed | CVE-2025-52425 was published Nov 7, 2025

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated...
Critical | Unreviewed | CVE-2025-34299 was published Nov 7, 2025

SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create,...
Critical | Unreviewed | CVE-2025-10870 was published Nov 7, 2025

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
Critical | Unreviewed | CVE-2025-12352 was published Nov 7, 2025

Cross-site Scripting vulnerability in NEC Corporation UNIVERGE IX from Ver.9.5 to Ver.10.7, from...
Critical | Unreviewed | CVE-2025-11546 was published Nov 7, 2025

oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code...
Critical | Unreviewed | CVE-2025-12488 was published Nov 6, 2025

oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code...
Critical | Unreviewed | CVE-2025-12487 was published Nov 6, 2025

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP...
Critical | Unreviewed | CVE-2022-50595 was published Nov 6, 2025

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP...
Critical | Unreviewed | CVE-2022-50592 was published Nov 6, 2025
ProTip! Advisories are also available from the GraphQL API.