GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,809
Erlang: 36
GitHub Actions: 31
Go: 2,393
Maven: 5,000+
npm: 4,026
NuGet: 720
pip: 3,818
Pub: 12
RubyGems: 932
Rust: 988
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
26,280 advisories
pyLoad vulnerable to XSS through insecure CAPTCHA
Critical: CVE-2025-53890 was published for pyload-ng (pip) Jul 15, 2025

An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e...
Critical (Unreviewed): CVE-2025-34068 was published Jul 15, 2025

An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware...
Critical (Unreviewed): CVE-2025-34103 was published Jul 15, 2025

An authenticated remote code execution vulnerability exists in Piwik (now Matomo) versions prior...
Critical (Unreviewed): CVE-2025-34104 was published Jul 15, 2025

A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss...
Critical (Unreviewed): CVE-2025-34105 was published Jul 15, 2025

A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows,...
Critical (Unreviewed): CVE-2025-34110 was published Jul 15, 2025

An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version...
Critical (Unreviewed): CVE-2025-34111 was published Jul 15, 2025

An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral...
Critical (Unreviewed): CVE-2025-34112 was published Jul 15, 2025

An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions...
Critical (Unreviewed): CVE-2025-52376 was published Jul 15, 2025

Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows...
Critical (Unreviewed): CVE-2025-3621 was published Jul 15, 2025

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to...
Critical (Unreviewed): CVE-2025-5393 was published Jul 15, 2025

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to...
Critical (Unreviewed): CVE-2025-5394 was published Jul 15, 2025

The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin...
Critical (Unreviewed): CVE-2025-7341 was published Jul 15, 2025

The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin...
Critical (Unreviewed): CVE-2025-7340 was published Jul 15, 2025

The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin...
Critical (Unreviewed): CVE-2025-7360 was published Jul 15, 2025

XWiki Rendering is vulnerable to RCE attacks when processing nested macros
Critical: CVE-2025-53836 was published for org.xwiki.rendering:xwiki-rendering-transformation-macro (Maven) Jul 14, 2025

XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax
Critical: CVE-2025-53835 was published for org.xwiki.rendering:xwiki-rendering-syntax-xhtml (Maven) Jul 14, 2025

LaRecipe is vulnerable to Server-Side Template Injection attacks
Critical: CVE-2025-53833 was published for binarytorch/larecipe (Composer) Jul 14, 2025

Apache Ignite: Possible RCE when deserializing incoming messages by the server node
Critical: CVE-2024-52577 was published for org.apache.ignite:ignite-core (Maven) Feb 14, 2025

An attacker was able to bypass the `connect-src` directive of a Content Security Policy by...
Critical (Unreviewed): CVE-2025-6427 was published Jun 26, 2025

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the...
Critical (Unreviewed): CVE-2025-6433 was published Jun 26, 2025

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes,...
Critical (Unreviewed): CVE-2025-47812 was published Jul 10, 2025

A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent...
Critical (Unreviewed): CVE-2024-38648 was published Jul 12, 2025

qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `...
Critical (Unreviewed): CVE-2024-2221 was published Apr 10, 2024

A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an...
Critical (Unreviewed): CVE-2023-38036 was published Jul 12, 2025

ProTip! Advisories are also available from the GraphQL API.