Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,258
NuGet
760
pip
4,051
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

141,953 advisories

Loading
The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-12520 was published Nov 7, 2025
The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes... Moderate Unreviewed
CVE-2025-12527 was published Nov 7, 2025
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is... Moderate Unreviewed
CVE-2025-4522 was published Nov 7, 2025
A vulnerability in Nuxt DevTools has been fixed in version **2.6.4***. This issue may have... Moderate Unreviewed
CVE-2025-52662 was published Nov 7, 2025
A flaw was found in Red Hat Single Sign-On. This issue is an Open Redirect vulnerability that... Moderate Unreviewed
CVE-2025-12789 was published Nov 7, 2025
Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger... Moderate Unreviewed
CVE-2025-64302 was published Nov 7, 2025
A flaw was found in the 3scale developer portal. This issue can allow account creation or updates... Moderate Unreviewed
CVE-2024-12125 was published Nov 7, 2025
Soft Serve does not sanitize ANSI escape sequences in user input Moderate
CVE-2025-64494 was published for github.com/charmbracelet/soft-serve (Go) Nov 6, 2025
Tomer-PL caarlos0
Credited to Tomer-PL and caarlos0
KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes Moderate
CVE-2025-64437 was published for github.com/kubevirt/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
Credited to mihailkirov and Faeris95
KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes Moderate
CVE-2025-64436 was published for github.com/kubevirt/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
Credited to mihailkirov and Faeris95
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation Moderate
CVE-2025-64435 was published for github.com/kubevirt/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
Credited to mihailkirov and Faeris95
KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing Moderate
CVE-2025-64434 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
Credited to mihailkirov and Faeris95
KubeVirt Arbitrary Container File Read Moderate
CVE-2025-64433 was published for github.com/kubevirt/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
Credited to mihailkirov and Faeris95
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer Moderate
CVE-2025-64432 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
Credited to mihailkirov and Faeris95
containerd CRI server: Host memory exhaustion through Attach goroutine leak Moderate
CVE-2025-64329 was published for github.com/containerd/containerd (Go) Nov 6, 2025
Wheat2018
Credited to Wheat2018
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in... Moderate Unreviewed
CVE-2025-34247 was published Nov 6, 2025
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in... Moderate Unreviewed
CVE-2025-34246 was published Nov 6, 2025
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in... Moderate Unreviewed
CVE-2025-34245 was published Nov 6, 2025
IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could... Moderate Unreviewed
CVE-2025-33110 was published Nov 6, 2025
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in... Moderate Unreviewed
CVE-2025-34241 was published Nov 6, 2025
Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS)... Moderate Unreviewed
CVE-2025-34236 was published Nov 6, 2025
Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS)... Moderate Unreviewed
CVE-2025-34237 was published Nov 6, 2025
Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via... Moderate Unreviewed
CVE-2025-34238 was published Nov 6, 2025
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in... Moderate Unreviewed
CVE-2025-34244 was published Nov 6, 2025
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in... Moderate Unreviewed
CVE-2025-34243 was published Nov 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database