GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,992
Erlang: 39
GitHub Actions: 38
Go: 2,634
Maven: 5,000+
npm: 4,258
NuGet: 760
pip: 4,051
Pub: 12
RubyGems: 955
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
300,868 advisories
The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes...
Moderate | Unreviewed | CVE-2025-12527 was published Nov 7, 2025

The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing...
High | Unreviewed | CVE-2025-5483 was published Nov 7, 2025

The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate | Unreviewed | CVE-2025-12520 was published Nov 7, 2025

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
Critical | Unreviewed | CVE-2025-12352 was published Nov 7, 2025

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is...
Moderate | Unreviewed | CVE-2025-4522 was published Nov 7, 2025

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is...
High | Unreviewed | CVE-2025-4519 was published Nov 7, 2025

Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability...
Moderate | Unreviewed | CVE-2025-5342 was published Oct 30, 2025

In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit...
Moderate | Unreviewed | CVE-2023-53062 was published May 2, 2025

Mail Configuration File Manipulation + Command Execution. This issue affects BLU-IC2: through 1.19...
Critical | Unreviewed | CVE-2025-12275 was published Oct 26, 2025

There is a reflected cross-site scripting (XSS) within JSP files used to control application...
Moderate | Unreviewed | CVE-2024-12020 was published Mar 14, 2025

In the Linux kernel, the following vulnerability has been resolved: iavf: fix hang on reboot...
Moderate | Unreviewed | CVE-2023-53064 was published May 2, 2025

Busybox 1.31.1 - Multiple Known Vulnerabilities. This issue affects BLU-IC2: through 1.19.5; BLU...
Low | Unreviewed | CVE-2025-12221 was published Oct 25, 2025

A container privilege escalation flaw was found in KServe ModelMesh container images. This issue...
Moderate | Unreviewed | CVE-2025-57852 was published Sep 30, 2025

A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0...
Low | Unreviewed | CVE-2025-48985 was published Nov 7, 2025

Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass...
Low | Unreviewed | CVE-2025-8558 was published Nov 3, 2025

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have...
Moderate | Unreviewed | CVE-2025-52662 was published Nov 7, 2025

Cross-site Scripting vulnerability in NEC Corporation UNIVERGE IX from Ver.9.5 to Ver.10.7, from...
Critical | Unreviewed | CVE-2025-11546 was published Nov 7, 2025

The Automation Scripting functionality can be exploited by attackers to run arbitrary system...
High | Unreviewed | CVE-2024-54448 was published Mar 14, 2025

The API used to interact with documents in the application contains two endpoints with a flaw...
High | Unreviewed | CVE-2024-54449 was published Mar 14, 2025

Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
High | GHSA-52c5-vh7f-26fx was published for prosemirror_to_html (RubyGems) Nov 6, 2025

In the Linux kernel, the following vulnerability has been resolved: 9p/trans_fd: always use...
Moderate | Unreviewed | CVE-2022-49767 was published May 1, 2025

operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd
Moderate | CVE-2025-7195 was published for github.com/operator-framework/operator-sdk (Go) Aug 7, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in Case-Themes Case Addons case...
Critical | Unreviewed | CVE-2025-62047 was published Nov 6, 2025

A NULL pointer dereference flaw was found in the GnuTLS software in...
Moderate | Unreviewed | CVE-2025-6395 was published Jul 10, 2025

In the Linux kernel, the following vulnerability has been resolved: gfs2: Check sb_bsize_shift...
Moderate | Unreviewed | CVE-2022-49769 was published May 1, 2025
ProTip! Advisories are also available from the GraphQL API.