GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,831
Maven: 5,000+
npm: 4,462
NuGet: 775
pip: 4,226
Pub: 12
RubyGems: 972
Rust: 1,093
Swift: 47

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
24,603 advisories
The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file...
Critical, Unreviewed, CVE-2025-14829 was published Jan 13, 2026

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability...
Critical, Unreviewed, CVE-2026-0491 was published Jan 13, 2026

Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials...
Critical, Unreviewed, CVE-2026-0501 was published Jan 13, 2026

Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager ...
Critical, Unreviewed, CVE-2026-0500 was published Jan 13, 2026

SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a...
Critical, Unreviewed, CVE-2026-0498 was published Jan 13, 2026

A vulnerability has been identified in the ServiceNow AI Platform that could enable an...
Critical, Unreviewed, CVE-2025-12420 was published Jan 13, 2026

Buffer Overflow in the ippprint (Internet Printing Protocol) service in Sagemcom F@st 3686...
Critical, Unreviewed, CVE-2025-29329 was published Jan 13, 2026

Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the ...
Critical, Unreviewed, CVE-2025-67146 was published Jan 13, 2026

Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote Code Execution)....
Critical, Unreviewed, CVE-2025-66802 was published Jan 12, 2026

Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via...
Critical, Unreviewed, CVE-2025-67147 was published Jan 12, 2026

A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0...
Critical, Unreviewed, CVE-2025-51567 was published Jan 12, 2026

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges
Critical, Unreviewed, CVE-2025-46066 was published Jan 12, 2026

An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via...
Critical, Unreviewed, CVE-2025-46070 was published Jan 12, 2026

A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7...
Critical, Unreviewed, CVE-2025-63314 was published Jan 12, 2026

D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz...
Critical, Unreviewed, CVE-2025-65552 was published Jan 12, 2026

Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ parameter in ‘...
Critical, Unreviewed, CVE-2025-41006 was published Jan 12, 2026

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote...
Critical, Unreviewed, CVE-2025-52694 was published Jan 12, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on...
Critical, Unreviewed, CVE-2026-22584 was published Jan 10, 2026

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command...
Critical, Unreviewed, CVE-2025-69425 was published Jan 9, 2026

A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link...
Critical, Unreviewed, CVE-2025-69542 was published Jan 9, 2026

EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName...
Critical, Unreviewed, CVE-2025-70161 was published Jan 9, 2026

AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code...
Critical, Unreviewed, CVE-2020-36875 was published Jan 9, 2026

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded...
Critical, Unreviewed, CVE-2025-69426 was published Jan 9, 2026

BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login...
Critical, Unreviewed, CVE-2025-14598 was published Jan 9, 2026

Vivotek IP7137 camera with firmware version 0200a by default does not require to provide any...
Critical, Unreviewed, CVE-2025-66050 was published Jan 9, 2026

ProTip! Advisories are also available from the GraphQL API