GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,250
Composer 4,350
Erlang 31
GitHub Actions 22
Go 2,119
Maven 5,292
npm 3,778
NuGet 680
pip 3,459
Pub 12
RubyGems 892
Rust 888
Swift 38

Unreviewed advisories

All unreviewed 243,824

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

21,346 advisories

Filter by severity

Sort by

Least recently updated

Unverified password change vulnerability in Janto, versions prior to r12. This could allow an... Critical Unreviewed

CVE-2025-1107 was published Feb 7, 2025

Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites allows Cross Site... Critical Unreviewed

CVE-2025-25107 was published Feb 7, 2025

Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows... Critical Unreviewed

CVE-2025-25106 was published Feb 7, 2025

Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites allows Cross Site... Critical Unreviewed

CVE-2025-25101 was published Feb 7, 2025

A security vulnerability has been identified in the IBL Software Engineering Visual Weather and... Critical Unreviewed

CVE-2025-1077 was published Feb 7, 2025

Multiple Elber products are affected by an authentication bypass vulnerability which allows... Critical Unreviewed

CVE-2025-0674 was published Feb 7, 2025

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in... Critical Unreviewed

CVE-2025-1061 was published Feb 7, 2025

A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >=... Critical Unreviewed

CVE-2025-22992 was published Feb 6, 2025

A cross-site scripting (xss) vulnerability exists in the dataset upload functionality of ClearML... Critical Unreviewed

CVE-2024-39272 was published Feb 6, 2025

A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists... Critical Unreviewed

CVE-2024-57428 was published Feb 6, 2025

An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking... Critical Unreviewed

CVE-2024-57430 was published Feb 6, 2025

Honeywell OneWireless Wireless Device Manager (WDM) for the following versions R310.x, R320.x,... Critical Unreviewed

CVE-2023-5878 was published Feb 6, 2025

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an... Critical Unreviewed

CVE-2025-0982 was published Feb 6, 2025

OpenPLC_V3 contains an arbitrary file upload vulnerability, which could be leveraged for... Critical Unreviewed

CVE-2025-1066 was published Feb 6, 2025

Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary... Critical Unreviewed

CVE-2024-57520 was published Feb 6, 2025

Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB... Critical Unreviewed

CVE-2024-51547 was published Feb 6, 2025

IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker... Critical Unreviewed

CVE-2024-51450 was published Feb 6, 2025

SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote... Critical Unreviewed

CVE-2020-36084 was published Feb 6, 2025

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid... Critical Unreviewed

CVE-2025-20125 was published Feb 5, 2025

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute... Critical Unreviewed

CVE-2025-20124 was published Feb 5, 2025

libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection... Critical Unreviewed

CVE-2025-0665 was published Feb 5, 2025

A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute... Critical Unreviewed

CVE-2025-23114 was published Feb 5, 2025

An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via... Critical Unreviewed

CVE-2024-48445 was published Feb 5, 2025

AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which... Critical Unreviewed

CVE-2025-0960 was published Feb 4, 2025

BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated... Critical Unreviewed

CVE-2025-0364 was published Feb 4, 2025

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

21,346 advisories