GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,894
Erlang: 38
GitHub Actions: 38
Go: 2,552
Maven: 5,000+
npm: 4,224
NuGet: 746
pip: 3,999
Pub: 12
RubyGems: 953
Rust: 1,041
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
27,117 advisories
Flowise is vulnerable to arbitrary file write through its WriteFileTool
Critical: CVE-2025-61913 was published for flowise (npm), Oct 9, 2025
scio is vulnerable to Remote Command Execution through PyTorch
Critical: GHSA-m9mp-6x32-5rhg was published for scio-pypi (pip), Oct 9, 2025
The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication...
Critical, Unreviewed: CVE-2025-11522 was published Oct 9, 2025
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is...
Critical, Unreviewed: CVE-2025-7526 was published Oct 9, 2025
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is...
Critical, Unreviewed: CVE-2025-7634 was published Oct 9, 2025
The Community Events plugin for WordPress is vulnerable to SQL Injection via the ‘event_venue’...
Critical, Unreviewed: CVE-2025-10586 was published Oct 9, 2025
Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and...
Critical, Unreviewed: CVE-2017-20202 was published Oct 9, 2025
CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit builds) contained a malicious pre-entry...
Critical, Unreviewed: CVE-2017-20201 was published Oct 9, 2025
In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability...
Critical, Unreviewed: CVE-2025-36636 was published Oct 8, 2025
Melis Platform CMS Unauthenticated Admin Account Creation
Critical: CVE-2025-10352 was published for melisplatform/melis-core (Composer), Oct 8, 2025
Melis Platform CMS Unauthenticated File Upload Leading to RCE
Critical: CVE-2025-10353 was published for melisplatform/melis-cms-slider (Composer), Oct 8, 2025
Melis Platform CMS SQL Injection
Critical: CVE-2025-10351 was published for melisplatform/melis-cms (Composer), Oct 8, 2025
The Community Events plugin for WordPress is vulnerable to SQL Injection via the event_category...
Critical, Unreviewed: CVE-2025-10587 was published Oct 8, 2025
NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322,...
Critical, Unreviewed: CVE-2025-34252 was published Oct 7, 2025
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext...
Critical, Unreviewed: CVE-2025-44823 was published Oct 7, 2025
Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0...
Critical, Unreviewed: CVE-2025-11462 was published Oct 7, 2025
Akka.Remote TLS did not properly implement certificate-based authentication
Critical: CVE-2025-61778 was published for Akka.Cluster (NuGet), Oct 7, 2025
A SQL Injection vulnerability exists in the edit_product.php file of PuneethReddyHC Online...
Critical, Unreviewed: CVE-2025-52021 was published Oct 7, 2025
Improper Resource Locking vulnerability in B&R Industrial Automation Automation Runtime. This...
Critical, Unreviewed: CVE-2025-3450 was published Oct 7, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, Unreviewed: CVE-2025-0603 was published Oct 7, 2025
SillyTavern Web Interface Vulnerable DNS Rebinding
Critical: CVE-2025-59159 was published for sillytavern (npm), Oct 6, 2025
XWiki Platform is vulnerable to HQL injection via wiki and space search REST API
Critical: CVE-2025-52472 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven), Oct 6, 2025
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F...
Critical, Unreviewed: CVE-2025-60965 was published Oct 6, 2025
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F...
Critical, Unreviewed: CVE-2025-60964 was published Oct 6, 2025
A SQL injection vulnerability has been identified in Uniclare Student Portal v2. This flaw allows...
Critical, Unreviewed: CVE-2025-57515 was published Oct 6, 2025
ProTip! Advisories are also available from the GraphQL API.