GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,537
Composer 4,454
Erlang 33
GitHub Actions 22
Go 2,153
Maven 5,330
npm 3,818
NuGet 693
pip 3,492
Pub 12
RubyGems 902
Rust 903
Swift 38

Unreviewed advisories

All unreviewed 246,984

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

21,607 advisories

Filter by severity

Sort by

Least recently updated

The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to,... Critical Unreviewed

CVE-2025-0177 was published Mar 8, 2025

The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in... Critical Unreviewed

CVE-2025-1315 was published Mar 7, 2025

The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege... Critical Unreviewed

CVE-2024-12876 was published Mar 7, 2025

A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting... Critical Unreviewed

CVE-2025-27816 was published Mar 7, 2025

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up... Critical Unreviewed

CVE-2025-1475 was published Mar 7, 2025

crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead() in /system... Critical Unreviewed

CVE-2025-25763 was published Mar 6, 2025

An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of... Critical Unreviewed

CVE-2025-25361 was published Mar 6, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed

CVE-2024-12144 was published Mar 6, 2025

Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform... Critical Unreviewed

CVE-2025-25632 was published Mar 5, 2025

Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition... Critical Unreviewed

CVE-2024-12799 was published Mar 5, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed

CVE-2024-13147 was published Mar 5, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed

CVE-2024-12097 was published Mar 5, 2025

FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index... Critical Unreviewed

CVE-2025-25789 was published Mar 5, 2025

An arbitrary file upload vulnerability in the component \controller\LocalTemplate.php of FoxCMS... Critical Unreviewed

CVE-2025-25790 was published Mar 5, 2025

An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2... Critical Unreviewed

CVE-2025-25784 was published Mar 5, 2025

JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component ... Critical Unreviewed

CVE-2025-25785 was published Mar 5, 2025

The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and... Critical Unreviewed

CVE-2024-12281 was published Mar 5, 2025

Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and... Critical Unreviewed

CVE-2025-25015 was published Mar 5, 2025

The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all... Critical Unreviewed

CVE-2025-1515 was published Mar 5, 2025

The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all... Critical Unreviewed

CVE-2024-11951 was published Mar 5, 2025

The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection... Critical Unreviewed

CVE-2024-13787 was published Mar 5, 2025

An unauthenticated remote attacker can use hard-coded credentials to gain full administration... Critical Unreviewed

CVE-2025-1393 was published Mar 5, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed

CVE-2025-27666 was published Mar 5, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed

CVE-2025-27667 was published Mar 5, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed

CVE-2025-27668 was published Mar 5, 2025

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

21,607 advisories