GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,894
Erlang: 38
GitHub Actions: 38
Go: 2,552
Maven: 5,000+
npm: 4,224
NuGet: 746
pip: 3,999
Pub: 12
RubyGems: 953
Rust: 1,041
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
27,117 advisories

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F...
Critical | Unreviewed | CVE-2025-60957 was published Oct 6, 2025

IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11...
Critical | Unreviewed | CVE-2025-36356 was published Oct 6, 2025

The BATBToken smart contract (address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler...
Critical | Unreviewed | CVE-2025-57247 was published Oct 6, 2025

Deserialization of Untrusted Data vulnerability in Topal Solutions AG Topal Finanzbuchhaltung on...
Critical | Unreviewed | CVE-2025-10363 was published Oct 6, 2025

XWiki OIDC Authenticator: Users with "view" access can create tokens for any users they can view
Critical | CVE-2025-49594 was published for org.xwiki.contrib.oidc:oidc-authenticator (Maven) Oct 6, 2025

IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code...
Critical | Unreviewed | CVE-2023-49886 was published Oct 6, 2025

Flowise vulnerable to RCE via Dynamic function constructor injection
Critical | CVE-2025-55346 was published for flowise (npm) Oct 6, 2025

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component:...
Critical | Unreviewed | CVE-2025-61882 was published Oct 5, 2025

The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Improper...
Critical | Unreviewed | CVE-2025-9485 was published Oct 4, 2025

Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel
Critical | CVE-2025-50538 was published for flowise (npm) Oct 3, 2025

The module will parse a <pattern> node which is not a child of a structural node. The node will...
Critical | Unreviewed | CVE-2025-10729 was published Oct 3, 2025

When the module renders a Svg file that contains a <pattern> element, it might end up rendering...
Critical | Unreviewed | CVE-2025-10728 was published Oct 3, 2025

The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to...
Critical | Unreviewed | CVE-2025-9209 was published Oct 3, 2025

The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation...
Critical | Unreviewed | CVE-2025-9286 was published Oct 3, 2025

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is...
Critical | Unreviewed | CVE-2025-7721 was published Oct 3, 2025

The WPRecovery plugin for WordPress is vulnerable to SQL Injection via the 'data[id]' parameter...
Critical | Unreviewed | CVE-2025-10726 was published Oct 3, 2025

SQL injection vulnerability in Joomla module mod_vvisit_counter v2.0.4j3. This vulnerability...
Critical | Unreviewed | CVE-2025-40636 was published Oct 3, 2025

The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions...
Critical | Unreviewed | CVE-2025-6388 was published Oct 3, 2025

The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for...
Critical | Unreviewed | CVE-2025-59407 was published Oct 2, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments)...
Critical | Unreviewed | CVE-2025-34210 was published Oct 2, 2025

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical | Unreviewed | CVE-2025-59735 was published Oct 2, 2025

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical | Unreviewed | CVE-2025-59736 was published Oct 2, 2025

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical | Unreviewed | CVE-2025-59737 was published Oct 2, 2025

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical | Unreviewed | CVE-2025-59738 was published Oct 2, 2025

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical | Unreviewed | CVE-2025-59740 was published Oct 2, 2025

ProTip! Advisories are also available from the GraphQL API.