GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,791
Erlang: 36
GitHub Actions: 29
Go: 2,373
Maven: 5,000+
npm: 3,998
NuGet: 720
pip: 3,801
Pub: 12
RubyGems: 927
Rust: 984
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
22,820 advisories
The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege...
Critical | Unreviewed | CVE-2025-4606 was published Jul 9, 2025

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML...
Critical | Unreviewed | CVE-2025-49796 was published Jun 16, 2025

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath...
Critical | Unreviewed | CVE-2025-49794 was published Jun 16, 2025

An unauthenticated information disclosure vulnerability exists in the WordPress Total Upkeep...
Critical | Unreviewed | CVE-2025-34084 was published Jul 9, 2025

An unrestricted file upload vulnerability in the WordPress Simple File List plugin prior to...
Critical | Unreviewed | CVE-2025-34085 was published Jul 9, 2025

An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that...
Critical | Unreviewed | CVE-2025-34077 was published Jul 9, 2025

An unrestricted file upload vulnerability exists in the WordPress AIT CSV Import/Export plugin ≤...
Critical | Unreviewed | CVE-2025-34083 was published Jul 9, 2025

Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of...
Critical | Unreviewed | CVE-2025-49533 was published Jul 9, 2025

The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion...
Critical | Unreviewed | CVE-2025-4855 was published Jul 9, 2025

The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to...
Critical | Unreviewed | CVE-2025-4828 was published Jul 9, 2025

Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data...
Critical | Unreviewed | CVE-2025-27203 was published Jul 9, 2025

Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing...
Critical | Unreviewed | CVE-2025-37103 was published Jul 8, 2025

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction...
Critical | Unreviewed | CVE-2025-49535 was published Jul 8, 2025

Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension...
Critical | Unreviewed | CVE-2025-53495 was published Jul 7, 2025

Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension...
Critical | Unreviewed | CVE-2025-53499 was published Jul 7, 2025

In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080,...
Critical | Unreviewed | CVE-2025-47202 was published Jul 7, 2025

employee record management system in php and mysql v1 was discovered to contain a SQL injection...
Critical | Unreviewed | CVE-2025-45065 was published Jul 7, 2025

Insufficient security mechanisms for created containers in educoder challenges v1.0 allow...
Critical | Unreviewed | CVE-2025-45479 was published Jul 7, 2025

LuaJIT through 2.1 has a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.
Critical | Unreviewed | CVE-2024-25176 was published Jul 7, 2025

LuaJIT through 2.1 has an out-of-bounds read in the stack-overflow handler in lj_state.c
Critical | Unreviewed | CVE-2024-25178 was published Jul 7, 2025

flask-boilerplate through a170e7c allows account takeover via the password reset feature because...
Critical | Unreviewed | CVE-2025-43931 was published Jul 7, 2025

fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME...
Critical | Unreviewed | CVE-2025-43933 was published Jul 7, 2025

JobCenter through 7e7b0b2 allows account takeover via the password reset feature because...
Critical | Unreviewed | CVE-2025-43932 was published Jul 7, 2025

Hashview 0.8.1 allows account takeover via the password reset feature because SERVER_NAME is not...
Critical | Unreviewed | CVE-2025-43930 was published Jul 7, 2025

User-controlled inputs are improperly escaped in:
* VotePage.php (poll option input)
...
Critical | Unreviewed | CVE-2025-53484 was published Jul 4, 2025
ProTip! Advisories are also available from the GraphQL API