Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,552
Maven
5,000+
npm
4,224
NuGet
746
pip
3,999
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

139,831 advisories

Loading
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the... Moderate Unreviewed
CVE-2025-44867 was published May 2, 2025
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the... Moderate Unreviewed
CVE-2025-44866 was published May 2, 2025
Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an... Moderate Unreviewed
CVE-2025-46629 was published May 2, 2025
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a... Moderate Unreviewed
CVE-2025-32884 was published May 2, 2025
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there... Moderate Unreviewed
CVE-2025-32885 was published May 2, 2025
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets... Moderate Unreviewed
CVE-2025-32886 was published May 2, 2025
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a... Moderate Unreviewed
CVE-2025-32890 was published May 2, 2025
TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in... Moderate Unreviewed
CVE-2025-44860 was published May 2, 2025
TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in... Moderate Unreviewed
CVE-2025-44861 was published May 2, 2025
TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in... Moderate Unreviewed
CVE-2025-44863 was published May 2, 2025
TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in... Moderate Unreviewed
CVE-2025-44862 was published May 2, 2025
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a... Moderate Unreviewed
CVE-2025-32882 was published May 2, 2025
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The app there... Moderate Unreviewed
CVE-2025-32883 was published May 2, 2025
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the... Moderate Unreviewed
CVE-2025-32881 was published May 2, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-2488 was published May 2, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows... Moderate Unreviewed
CVE-2024-11142 was published May 2, 2025
The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2024-13860 was published May 2, 2025
The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2024-13858 was published May 2, 2025
The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2024-13859 was published May 2, 2025
In Intrexx Portal Server before 12.0.4, multiple Velocity-Scripts are susceptible to the... Moderate Unreviewed
CVE-2025-47201 was published May 2, 2025
The WPML plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's... Moderate Unreviewed
CVE-2025-3488 was published May 2, 2025
The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing... Moderate Unreviewed
CVE-2025-1326 was published May 2, 2025
The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions... Moderate Unreviewed
CVE-2025-1327 was published May 2, 2025
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-3438 was published May 2, 2025
The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-3510 was published May 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database