Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,809
Erlang
36
GitHub Actions
31
Go
2,393
Maven
5,000+
npm
4,026
NuGet
720
pip
3,818
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

26,280 advisories

Loading
WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability,... Critical Unreviewed
CVE-2025-7918 was published Jul 21, 2025
Due to insufficient verification, an attacker could use a malicious client to bypass... Critical Unreviewed
CVE-2024-6107 was published Jul 21, 2025
Certain modem models developed by Askey has a Stack-based Buffer Overflow vulnerability, allowing... Critical Unreviewed
CVE-2025-7921 was published Jul 21, 2025
The SFT developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote... Critical Unreviewed
CVE-2025-7343 was published Jul 21, 2025
WinMatrix3 developed by Simopro Technology has an Insecure Deserialization vulnerability,... Critical Unreviewed
CVE-2025-7916 was published Jul 21, 2025
The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2015-10138 was published Jul 19, 2025
The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2016-15043 was published Jul 19, 2025
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2015-10135 was published Jul 19, 2025
The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed
CVE-2012-10019 was published Jul 19, 2025
The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for... Critical Unreviewed
CVE-2025-7696 was published Jul 19, 2025
The Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for... Critical Unreviewed
CVE-2025-7697 was published Jul 19, 2025
An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud... Critical Unreviewed
CVE-2025-29757 was published Jul 19, 2025
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used,... Critical Unreviewed
CVE-2025-54309 was published Jul 18, 2025
SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the... Critical Unreviewed
CVE-2025-25567 was published Mar 12, 2025
SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the... Critical Unreviewed
CVE-2025-25568 was published Mar 12, 2025
SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert... Critical Unreviewed
CVE-2025-25565 was published Mar 12, 2025
A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and... Critical Unreviewed
CVE-2025-7395 was published Jul 19, 2025
Jeecg-boot vulnerable to SQL Injection Critical
CVE-2022-45206 was published for org.jeecgframework.boot:jeecg-module-system (Maven) Nov 25, 2022
achibear
Jeecg-boot vulnerable to SQL injection via updateNullByEmptyString Critical
CVE-2022-45207 was published for org.jeecgframework.boot:jeecg-module-system (Maven) Nov 25, 2022
achibear
Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in... Critical Unreviewed
CVE-2025-52046 was published Jul 17, 2025
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker... Critical Unreviewed
CVE-2025-47158 was published Jul 18, 2025
Missing authorization in Azure Machine Learning allows an authorized attacker to elevate... Critical Unreviewed
CVE-2025-49747 was published Jul 18, 2025
Improper authorization in Azure Machine Learning allows an authorized attacker to elevate... Critical Unreviewed
CVE-2025-49746 was published Jul 18, 2025
PowerJob vulnerable to incorrect access control Critical
CVE-2023-29924 was published for tech.powerjob:powerjob (Maven) Apr 21, 2023
achibear
Withdrawn Advisory: Improper Restriction of XML External Entity Reference in Apache ActiveMQ Critical
CVE-2015-3208 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022 withdrawn
dsten56
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database