GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,318 advisories
The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a...
High | Unreviewed | CVE-2025-12637 was published Nov 11, 2025

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-9334 was published Nov 8, 2025

An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient...
High | Unreviewed | CVE-2025-11093 was published Nov 5, 2025

A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54...
High | Unreviewed | CVE-2025-60785 was published Nov 3, 2025

The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and...
High | Unreviewed | CVE-2025-6990 was published Nov 1, 2025

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code...
High | Unreviewed | CVE-2025-10487 was published Nov 1, 2025

A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated...
High | Unreviewed | CVE-2025-48984 was published Oct 31, 2025

An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker to execute arbitrary code...
High | Unreviewed | CVE-2025-61196 was published Oct 30, 2025

alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve...
High | Unreviewed | CVE-2025-56399 was published Oct 28, 2025

A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4...
High | Unreviewed | CVE-2025-61136 was published Oct 23, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone...
High | Unreviewed | CVE-2025-60206 was published Oct 22, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Sayan Datta WP Last...
High | Unreviewed | CVE-2025-52756 was published Oct 22, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Laborator Kalium...
High | Unreviewed | CVE-2025-49926 was published Oct 22, 2025

An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker...
High | Unreviewed | CVE-2025-61488 was published Oct 20, 2025

A low-privileged remote attacker with an account for the Web-based management can change the...
High | Unreviewed | CVE-2025-41699 was published Oct 14, 2025

This vulnerability affects Firefox < 143.0.3.
High | Unreviewed | CVE-2025-11153 was published Sep 30, 2025

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
High | Unreviewed | CVE-2025-59251 was published Sep 24, 2025

NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where...
High | Unreviewed | CVE-2025-23348 was published Sep 24, 2025

NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script...
High | Unreviewed | CVE-2025-23354 was published Sep 24, 2025

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq...
High | Unreviewed | CVE-2025-23349 was published Sep 24, 2025

NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script...
High | Unreviewed | CVE-2025-23353 was published Sep 24, 2025

Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible...
High | Unreviewed | CVE-2025-57439 was published Sep 22, 2025

Server-side template injection (SSTI) vulnerability in PPress 0.0.9 allows attackers to execute...
High | Unreviewed | CVE-2025-54815 was published Sep 19, 2025

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-10057 was published Sep 17, 2025

The Catalog Importer, Scraper & Crawler plugin for WordPress is vulnerable to PHP code injection...
High | Unreviewed | CVE-2025-8417 was published Sep 11, 2025

ProTip! Advisories are also available from the GraphQL API.