GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,454
Erlang: 33
GitHub Actions: 22
Go: 2,153
Maven: 5,000+
npm: 3,818
NuGet: 693
pip: 3,492
Pub: 12
RubyGems: 902
Rust: 903
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+

24,798 advisories

Under certain circumstances, a user opt-in setting that Focus should require authentication...
Critical | Unreviewed | CVE-2025-1941 was published Mar 4, 2025

An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable...
Critical | Unreviewed | CVE-2025-1932 was published Mar 4, 2025

VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that...
Critical | Unreviewed | CVE-2025-22224 was published Mar 4, 2025

The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing...
Critical | Unreviewed | CVE-2025-1307 was published Mar 4, 2025

The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions...
Critical | Unreviewed | CVE-2025-0912 was published Mar 4, 2025

Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker...
Critical | Unreviewed | CVE-2025-26206 was published Mar 3, 2025

Missing Authorization vulnerability in NotFound Residential Address Detection allows Privilege...
Critical | Unreviewed | CVE-2025-27270 was published Mar 3, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-27268 was published Mar 3, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ark Theme...
Critical | Unreviewed | CVE-2025-26970 was published Mar 3, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-26988 was published Mar 3, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-25150 was published Mar 3, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-26535 was published Mar 3, 2025

SQL injection vulnerability have been found in 101news affecting version 1.0 through the ...
Critical | Unreviewed | CVE-2025-1872 was published Mar 3, 2025

SQL injection vulnerability have been found in 101news affecting version 1.0 through the ...
Critical | Unreviewed | CVE-2025-1874 was published Mar 3, 2025

SQL injection vulnerability have been found in 101news affecting version 1.0 through the ...
Critical | Unreviewed | CVE-2025-1871 was published Mar 3, 2025

SQL injection vulnerability have been found in 101news affecting version 1.0 through the ...
Critical | Unreviewed | CVE-2025-1869 was published Mar 3, 2025

SQL injection vulnerability have been found in 101news affecting version 1.0 through the ...
Critical | Unreviewed | CVE-2025-1870 was published Mar 3, 2025

SQL injection vulnerability have been found in 101news affecting version 1.0 through the ...
Critical | Unreviewed | CVE-2025-1873 was published Mar 3, 2025

SQL injection vulnerability have been found in 101news affecting version 1.0 through the ...
Critical | Unreviewed | CVE-2025-1875 was published Mar 3, 2025

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in...
Critical | Unreviewed | CVE-2025-1867 was published Mar 3, 2025

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat...
Critical | Unreviewed | CVE-2025-1866 was published Mar 3, 2025

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in...
Critical | Unreviewed | CVE-2025-1864 was published Mar 3, 2025

Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account
Critical | CVE-2025-27590 was published for oxidized-web (RubyGems) Mar 3, 2025

In wlan AP FW, there is a possible out of bounds write due to improper input validation. This...
Critical | Unreviewed | CVE-2025-20646 was published Mar 3, 2025

Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt...
Critical | Unreviewed | CVE-2025-25948 was published Mar 3, 2025

ProTip! Advisories are also available from the GraphQL API