GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,809
Erlang: 36
GitHub Actions: 31
Go: 2,393
Maven: 5,000+
npm: 4,026
NuGet: 720
pip: 3,818
Pub: 12
RubyGems: 932
Rust: 988
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+

26,280 advisories

nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds...
Critical | Unreviewed | CVE-2025-50240 was published Jul 17, 2025

Vulnerability in Oracle Application Express (component: Strategic Planner Starter App). ...
Critical | Unreviewed | CVE-2025-50067 was published Jul 15, 2025

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up...
Critical | Unreviewed | CVE-2025-7444 was published Jul 18, 2025

The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to...
Critical | Unreviewed | CVE-2025-7643 was published Jul 18, 2025

The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User...
Critical | Unreviewed | CVE-2025-6222 was published Jul 18, 2025

Livewire is vulnerable to remote command execution during component property update hydration
Critical | CVE-2025-54068 was published for livewire/livewire (Composer) Jul 17, 2025

NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to...
Critical | Unreviewed | CVE-2025-23266 was published Jul 17, 2025

GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying...
Critical | Unreviewed | CVE-2025-53964 was published Jul 17, 2025

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buffer overflow via the ePort...
Critical | Unreviewed | CVE-2025-51630 was published Jul 17, 2025

DB-GPT is vulnerable to SQL Injection attacks from unauthenticated users
Critical | CVE-2024-10835 was published for dbgpt (pip) Mar 20, 2025

SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the...
Critical | Unreviewed | CVE-2024-51211 was published Nov 8, 2024

File upload vulnerability in Instantdeveloper RD3 22.0.8500, allows attackers to execute...
Critical | Unreviewed | CVE-2022-39983 was published Feb 23, 2023

An improper neutralization of special elements used in an SQL command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-25257 was published Jul 17, 2025

The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to...
Critical | Unreviewed | CVE-2025-7712 was published Jul 17, 2025

The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up...
Critical | Unreviewed | CVE-2025-5396 was published Jul 17, 2025

An unauthenticated command injection vulnerability exists in the cookie handling process of the...
Critical | Unreviewed | CVE-2025-34125 was published Jul 17, 2025

A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a...
Critical | Unreviewed | CVE-2025-34127 was published Jul 17, 2025

A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to...
Critical | Unreviewed | CVE-2025-34132 was published Jul 17, 2025

An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station...
Critical | Unreviewed | CVE-2025-34121 was published Jul 16, 2025

A remote code execution vulnerability exists in multiple Netcore and Netis routers models with...
Critical | Unreviewed | CVE-2025-34117 was published Jul 16, 2025

Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the...
Critical | Unreviewed | CVE-2025-50756 was published Jul 14, 2025

A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5...
Critical | Unreviewed | CVE-2025-25034 was published Jun 20, 2025

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated,...
Critical | Unreviewed | CVE-2025-20337 was published Jul 16, 2025

Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module
Critical | CVE-2022-42122 was published for com.liferay.portal:release.dxp.bom (Maven) Nov 15, 2022

An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through...
Critical | Unreviewed | CVE-2024-47572 was published Jan 14, 2025

ProTip! Advisories are also available from the GraphQL API