Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,153
Maven
5,000+
npm
3,818
NuGet
693
pip
3,492
Pub
12
RubyGems
902
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+

104,444 advisories

Loading
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site... High Unreviewed
CVE-2024-11640 was published Mar 8, 2025
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file... High Unreviewed
CVE-2024-13359 was published Mar 8, 2025
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL... High Unreviewed
CVE-2025-1323 was published Mar 8, 2025
The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin... High Unreviewed
CVE-2024-11087 was published Mar 8, 2025
The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2024-13908 was published Mar 8, 2025
The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit... High Unreviewed
CVE-2024-13882 was published Mar 8, 2025
The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation... High Unreviewed
CVE-2024-13835 was published Mar 8, 2025
The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up... High Unreviewed
CVE-2024-13890 was published Mar 8, 2025
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu... High Unreviewed
CVE-2025-2097 was published Mar 8, 2025
An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows... High Unreviewed
CVE-2025-27822 was published Mar 8, 2025
Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability.... High Unreviewed
CVE-2025-2024 was published Mar 7, 2025
In the Linux kernel, the following vulnerability has been resolved: block: Fix handling of... High Unreviewed
CVE-2022-49720 was published Mar 7, 2025
Horcrux Double Sign Possibility High
GHSA-6wxf-7784-62fp was published for github.com/strangelove-ventures/horcrux/v3 (Go) Mar 7, 2025
IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE... High Unreviewed
CVE-2025-0162 was published Mar 7, 2025
An improper certificate validation vulnerability has been reported to affect Helpdesk. If... High Unreviewed
CVE-2024-50394 was published Mar 7, 2025
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported... High Unreviewed
CVE-2024-53693 was published Mar 7, 2025
A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect... High Unreviewed
CVE-2024-53694 was published Mar 7, 2025
A command injection vulnerability has been reported to affect QHora. If exploited, the... High Unreviewed
CVE-2024-50390 was published Mar 7, 2025
Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability High
CVE-2025-24043 was published for dotnet-debugger-extensions (NuGet) Mar 7, 2025
hoyosjs
com.xwiki.confluencepro:application-confluence-migrator-pro-ui's application homepage is public High
CVE-2025-27604 was published for com.xwiki.confluencepro:application-confluence-migrator-pro-ui (Maven) Mar 7, 2025
Vue I18n Allows Prototype Pollution in `handleFlatJson` High
CVE-2025-27597 was published for @intlify/core (npm) Mar 7, 2025
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL High
CVE-2025-27152 was published for axios (npm) Mar 7, 2025
lambdasawa
Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability... High Unreviewed
CVE-2025-1886 was published Mar 7, 2025
SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This... High Unreviewed
CVE-2025-1887 was published Mar 7, 2025
The WordPress Activity O Meter WordPress plugin through 1.0 does not sanitise and escape a... High Unreviewed
CVE-2024-13668 was published Mar 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database