GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,750
Erlang: 35
GitHub Actions: 29
Go: 2,323
Maven: 5,000+
npm: 3,956
NuGet: 712
pip: 3,739
Pub: 12
RubyGems: 921
Rust: 973
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
281,021 advisories
phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due to improper input...
Moderate | Unreviewed | CVE-2025-28074 was published May 8, 2025

A vulnerability classified as critical has been found in PHPGurukul Employee Record Management...
Moderate | Unreviewed | CVE-2025-5837 was published Jun 7, 2025

A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue...
Moderate | Unreviewed | CVE-2025-5836 was published Jun 7, 2025

Skyvern through 0.1.85 has a Jinja runtime leak in sdk/workflow/models/block.py.
High | Unreviewed | CVE-2025-49619 was published Jun 7, 2025

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected...
Moderate | Unreviewed | CVE-2025-5528 was published Jun 7, 2025

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce...
Moderate | Unreviewed | CVE-2024-9993 was published Jun 7, 2025

The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple...
Moderate | Unreviewed | CVE-2025-5568 was published Jun 7, 2025

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce...
Moderate | Unreviewed | CVE-2024-9994 was published Jun 7, 2025

The LTL Freight Quotes – Freightview Edition, LTL Freight Quotes – Daylight Edition and LTL...
High | Unreviewed | CVE-2025-5303 was published Jun 7, 2025

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted...
Unknown | Unreviewed | CVE-2025-5399 was published Jun 7, 2025

The Profiler – What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized...
Moderate | Unreviewed | CVE-2025-5814 was published Jun 7, 2025

Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks allows Privilege Escalation...
High | Unreviewed | CVE-2025-47601 was published Jun 7, 2025

Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation
Moderate | CVE-2025-49128 was published for com.fasterxml.jackson.core:jackson-core (Maven) Jun 7, 2025

Argo CD does not scrub secret values from patch errors
Moderate | CVE-2025-23216 was published for github.com/argoproj/argo-cd (Go) Jan 30, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2025-39507 was published May 16, 2025

AngularJS Incomplete Filtering of Special Elements vulnerability
Moderate | CVE-2025-2336 was published for angular-sanitize (npm) Jun 4, 2025

users may append `root` to group listings
High | CVE-2025-5791 was published for users (Rust) Jun 5, 2025

Duplicate Advisory: users may append `root` to group listings
High | GHSA-jq8x-v7jw-v675 was published for users (Rust) Jun 6, 2025 • withdrawn

Sentry's Python SDK unintentionally exposes environment variables to subprocesses
Low | CVE-2024-40647 was published for sentry-sdk (pip) Jul 18, 2024

Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
Critical | CVE-2025-49113 was published for roundcube/roundcubemail (Composer) Jun 2, 2025

SpiceDB checks involving relations with caveats can result in no permission when permission is expected
Low | CVE-2025-49011 was published for github.com/authzed/spicedb (Go) Jun 6, 2025

A vulnerability has been found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified...
Moderate | Unreviewed | CVE-2025-5663 was published Jun 5, 2025

A vulnerability classified as critical was found in PHPGurukul Complaint Management System 2.0....
Moderate | Unreviewed | CVE-2025-5659 was published Jun 5, 2025

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution ...
High | Unreviewed | CVE-2024-22900 was published Feb 2, 2024

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected...
High | Unreviewed | CVE-2025-5572 was published Jun 4, 2025

ProTip! Advisories are also available from the GraphQL API