Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,258
NuGet
760
pip
4,051
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,387 advisories

Loading
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed
CVE-2025-12352 was published Nov 7, 2025
Cross-site Scripting vulnerability in NEC Corporation UNIVERGE IX from Ver.9.5 to Ver.10.7, from... Critical Unreviewed
CVE-2025-11546 was published Nov 7, 2025
oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code... Critical Unreviewed
CVE-2025-12487 was published Nov 6, 2025
oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code... Critical Unreviewed
CVE-2025-12488 was published Nov 6, 2025
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP... Critical Unreviewed
CVE-2022-50592 was published Nov 6, 2025
SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of... Critical Unreviewed
CVE-2022-50589 was published Nov 6, 2025
D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command... Critical Unreviewed
CVE-2022-50596 was published Nov 6, 2025
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP... Critical Unreviewed
CVE-2022-50595 was published Nov 6, 2025
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP... Critical Unreviewed
CVE-2022-50593 was published Nov 6, 2025
Incorrect Privilege Assignment vulnerability in KingAddons.com King Addons for Elementor king... Critical Unreviewed
CVE-2025-6325 was published Nov 6, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in KingAddons.com King Addons for... Critical Unreviewed
CVE-2025-6327 was published Nov 6, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Rometheme RTMKit rometheme-for... Critical Unreviewed
CVE-2025-62065 was published Nov 6, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Case-Themes Case Addons case... Critical Unreviewed
CVE-2025-62047 was published Nov 6, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in Elated-Themes Search &... Critical Unreviewed
CVE-2025-62064 was published Nov 6, 2025
Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration... Critical Unreviewed
CVE-2025-60195 was published Nov 6, 2025
PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution... Critical Unreviewed
CVE-2025-63334 was published Nov 5, 2025
** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat... Critical Unreviewed
CVE-2025-63416 was published Nov 5, 2025
Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via... Critical Unreviewed
CVE-2025-55343 was published Nov 5, 2025
Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate... Critical Unreviewed
CVE-2025-56231 was published Nov 5, 2025
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with... Critical Unreviewed
CVE-2025-46364 was published Nov 5, 2025
Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A... Critical Unreviewed
CVE-2025-45378 was published Nov 5, 2025
A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could... Critical Unreviewed
CVE-2025-20358 was published Nov 5, 2025
A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could... Critical Unreviewed
CVE-2025-20354 was published Nov 5, 2025
OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted... Critical Unreviewed
CVE-2025-61304 was published Nov 5, 2025
Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an... Critical Unreviewed
CVE-2025-63601 was published Nov 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database