GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,600
Composer 5,005
Erlang 39
GitHub Actions 38
Go 2,635
Maven 6,103
npm 4,262
NuGet 760
pip 4,057
Pub 12
RubyGems 956
Rust 1,054
Swift 45

Unreviewed advisories

All unreviewed 276,378

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

23,910 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Authentication Bypass Using an Alternate Path or Channel vulnerability in Elated-Themes Search &... Critical Unreviewed

CVE-2025-62064 was published Nov 6, 2025

Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration... Critical Unreviewed

CVE-2025-60195 was published Nov 6, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in borisolhor Drop Uploader for CF7... Critical Unreviewed

CVE-2025-53283 was published Nov 6, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy... Critical Unreviewed

CVE-2025-49372 was published Nov 6, 2025

PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution... Critical Unreviewed

CVE-2025-63334 was published Nov 5, 2025

** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat... Critical Unreviewed

CVE-2025-63416 was published Nov 5, 2025

Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via... Critical Unreviewed

CVE-2025-55343 was published Nov 5, 2025

Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate... Critical Unreviewed

CVE-2025-56231 was published Nov 5, 2025

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with... Critical Unreviewed

CVE-2025-46364 was published Nov 5, 2025

Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A... Critical Unreviewed

CVE-2025-45378 was published Nov 5, 2025

A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could... Critical Unreviewed

CVE-2025-20354 was published Nov 5, 2025

OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted... Critical Unreviewed

CVE-2025-61304 was published Nov 5, 2025

Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an... Critical Unreviewed

CVE-2025-63601 was published Nov 5, 2025

A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could... Critical Unreviewed

CVE-2025-20358 was published Nov 5, 2025

A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr&#39... Critical Unreviewed

CVE-2025-46705 was published Nov 5, 2025

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format... Critical Unreviewed

CVE-2025-46784 was published Nov 5, 2025

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr&... Critical Unreviewed

CVE-2025-47151 was published Nov 5, 2025

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature... Critical Unreviewed

CVE-2025-46404 was published Nov 5, 2025

The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read... Critical Unreviewed

CVE-2025-55108 was published Nov 5, 2025

The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed

CVE-2025-12674 was published Nov 5, 2025

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Critical Unreviewed

CVE-2025-11749 was published Nov 5, 2025

The Survision LPR Camera system does not enforce password protection by default. This allows... Critical Unreviewed

CVE-2025-12108 was published Nov 4, 2025

Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly... Critical Unreviewed

CVE-2025-54863 was published Nov 4, 2025

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions,... Critical Unreviewed

CVE-2025-61956 was published Nov 4, 2025

Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the... Critical Unreviewed

CVE-2025-61945 was published Nov 4, 2025

Previous 12…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

23,910 advisories