Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,153
Maven
5,000+
npm
3,818
NuGet
693
pip
3,492
Pub
12
RubyGems
902
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+

24,798 advisories

Loading
Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was... Critical Unreviewed
CVE-2025-25953 was published Mar 3, 2025
Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft... Critical Unreviewed
CVE-2025-27583 was published Mar 3, 2025
The SetSail Membership plugin for WordPress is vulnerable to in all versions up to, and... Critical Unreviewed
CVE-2025-1564 was published Mar 1, 2025
The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all... Critical Unreviewed
CVE-2025-1671 was published Mar 1, 2025
The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all... Critical Unreviewed
CVE-2025-1638 was published Mar 1, 2025
The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation... Critical Unreviewed
CVE-2024-12824 was published Mar 1, 2025
ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows... Critical Unreviewed
CVE-2025-27554 was published Mar 1, 2025
A Use After Free vulnerability on UniFi Protect Cameras could allow a Remote Code Execution (RCE)... Critical Unreviewed
CVE-2025-23115 was published Mar 1, 2025
An Authentication Bypass vulnerability on UniFi Protect Application with Auto-Adopt Bridge... Critical Unreviewed
CVE-2025-23116 was published Mar 1, 2025
Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute... Critical Unreviewed
CVE-2025-25379 was published Mar 1, 2025
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2... Critical Unreviewed
CVE-2025-0159 was published Feb 28, 2025
IBC-Go has Non-deterministic JSON Unmarshalling of IBC Acknowledgement Critical
GHSA-jg6f-48ff-5xrw was published for github.com/cosmos/ibc-go (Go) Feb 28, 2025
swelf19
Application does not limit the number or frequency of user interactions, such as the number of... Critical Unreviewed
CVE-2025-22273 was published Feb 28, 2025
DaVinci Resolve on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx).... Critical Unreviewed
CVE-2025-1413 was published Feb 28, 2025
The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local... Critical Unreviewed
CVE-2024-9193 was published Feb 28, 2025
The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads... Critical Unreviewed
CVE-2024-8425 was published Feb 28, 2025
The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to,... Critical Unreviewed
CVE-2024-8420 was published Feb 28, 2025
Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or... Critical Unreviewed
CVE-2025-1744 was published Feb 28, 2025
Infoblox NIOS through 8.6.4 has Improper Access Control for Grids. Critical Unreviewed
CVE-2024-37567 was published Feb 28, 2025
Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation. Critical Unreviewed
CVE-2024-36047 was published Feb 28, 2025
Infoblox NIOS through 8.6.4 executes with more privileges than required. Critical Unreviewed
CVE-2024-36046 was published Feb 28, 2025
Infoblox NIOS through 8.6.4 has Improper Authentication for Grids. Critical Unreviewed
CVE-2024-37566 was published Feb 28, 2025
Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded... Critical Unreviewed
CVE-2025-25570 was published Feb 28, 2025
ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php. Critical Unreviewed
CVE-2025-26325 was published Feb 28, 2025
In XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible,... Critical Unreviewed
CVE-2024-38292 was published Feb 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database