Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,801
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,005
NuGet
720
pip
3,809
Pub
12
RubyGems
928
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+

26,189 advisories

Loading
Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows... Critical Unreviewed
CVE-2025-3621 was published Jul 15, 2025
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin... Critical Unreviewed
CVE-2025-7340 was published Jul 15, 2025
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to... Critical Unreviewed
CVE-2025-5393 was published Jul 15, 2025
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin... Critical Unreviewed
CVE-2025-7360 was published Jul 15, 2025
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to... Critical Unreviewed
CVE-2025-5394 was published Jul 15, 2025
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin... Critical Unreviewed
CVE-2025-7341 was published Jul 15, 2025
XWiki Rendering is vulnerable to RCE attacks when processing nested macros Critical
CVE-2025-53836 was published for org.xwiki.rendering:xwiki-rendering-transformation-macro (Maven) Jul 14, 2025
renniepak
XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax Critical
CVE-2025-53835 was published for org.xwiki.rendering:xwiki-rendering-syntax-xhtml (Maven) Jul 14, 2025
LaRecipe is vulnerable to Server-Side Template Injection attacks Critical
CVE-2025-53833 was published for binarytorch/larecipe (Composer) Jul 14, 2025
Apache Ignite: Possible RCE when deserializing incoming messages by the server node Critical
CVE-2024-52577 was published for org.apache.ignite:ignite-core (Maven) Feb 14, 2025
An attacker was able to bypass the `connect-src` directive of a Content Security Policy by... Critical Unreviewed
CVE-2025-6427 was published Jun 26, 2025
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the... Critical Unreviewed
CVE-2025-6433 was published Jun 26, 2025
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes,... Critical Unreviewed
CVE-2025-47812 was published Jul 10, 2025
A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent... Critical Unreviewed
CVE-2024-38648 was published Jul 12, 2025
qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `... Critical Unreviewed
CVE-2024-2221 was published Apr 10, 2024
A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an... Critical Unreviewed
CVE-2023-38036 was published Jul 12, 2025
An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows... Critical Unreviewed
CVE-2024-11167 was published Mar 20, 2025
An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2... Critical Unreviewed
CVE-2025-34099 was published Jul 10, 2025
The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-7451 was published Jul 14, 2025
The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2020-36849 was published Jul 12, 2025
The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up... Critical Unreviewed
CVE-2020-36847 was published Jul 12, 2025
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... Critical Unreviewed
CVE-2025-6058 was published Jul 12, 2025
Insufficient input validation leading to memory overread on the NetScaler Management Interface... Critical Unreviewed
CVE-2025-5777 was published Jun 17, 2025
An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet... Critical Unreviewed
CVE-2025-7503 was published Jul 11, 2025
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'... Critical Unreviewed
CVE-2025-50121 was published Jul 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database