Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,552
Maven
5,000+
npm
4,224
NuGet
746
pip
3,999
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,117 advisories

Loading
SAP Print Service (SAPSprint) performs insufficient validation of path information provided by... Critical Unreviewed
CVE-2025-42937 was published Oct 14, 2025
Due to missing verification of file type or content, SAP Supplier Relationship Management allows... Critical Unreviewed
CVE-2025-42910 was published Oct 14, 2025
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise... Critical Unreviewed
CVE-2025-37729 was published Oct 13, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-6919 was published Oct 13, 2025
An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform... Critical Unreviewed
CVE-2025-9976 was published Oct 13, 2025
A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker... Critical Unreviewed
CVE-2025-9265 was published Oct 13, 2025
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design... Critical Unreviewed
CVE-2025-6439 was published Oct 11, 2025
The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2025-6553 was published Oct 11, 2025
The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to,... Critical Unreviewed
CVE-2025-11533 was published Oct 11, 2025
In modem, there is a possible system crash due to improper input validation. This could lead to... Critical Unreviewed
CVE-2025-31718 was published Oct 11, 2025
In modem, there is a possible system crash due to improper input validation. This could lead to... Critical Unreviewed
CVE-2025-31717 was published Oct 11, 2025
Happy DOM: VM Context Escape can lead to Remote Code Execution Critical
CVE-2025-61927 was published for happy-dom (npm) Oct 10, 2025
Mas0nShi
Credited to Mas0nShi
JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main... Critical Unreviewed
CVE-2025-60269 was published Oct 10, 2025
code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege... Critical Unreviewed
CVE-2025-60306 was published Oct 10, 2025
E3 Site Supervisor (firmware version < 2.31F01) has a default admin user "ONEDAY" with a daily... Critical Unreviewed
CVE-2025-6519 was published Oct 10, 2025
BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE Critical
CVE-2025-10283 was published for bbot (pip) Oct 9, 2025
justinsteven
Credited to justinsteven
BBOT's various issues in unarchive.py can cause arbitrary file write and RCE Critical
CVE-2025-10284 was published for bbot (pip) Oct 9, 2025
justinsteven liquidsec
TheTechromancer
Credited to justinsteven, liquidsec, and TheTechromancer
Azure Entra ID Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-59246 was published Oct 9, 2025
Azure Entra ID Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-59218 was published Oct 9, 2025
Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem'... Critical Unreviewed
CVE-2025-35050 was published Oct 9, 2025
SourceCodester Pet Grooming Management Software 1.0 is vulnerable to SQL Injection in admin... Critical Unreviewed
CVE-2025-60316 was published Oct 9, 2025
NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322,... Critical Unreviewed
CVE-2017-20203 was published Oct 9, 2025
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-59974 was published Oct 9, 2025
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-59978 was published Oct 9, 2025
Better Auth: Unauthenticated API key creation through api-key plugin Critical
CVE-2025-61928 was published for better-auth (npm) Oct 9, 2025
etiennelunetta
Credited to etiennelunetta
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database