Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,669
Erlang
34
GitHub Actions
26
Go
2,261
Maven
5,000+
npm
3,910
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

25,409 advisories

Loading
Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket... Critical Unreviewed
CVE-2025-25775 was published Apr 25, 2025
Craft CMS Allows Remote Code Execution Critical
CVE-2025-32432 was published for craftcms/cms (Composer) Apr 25, 2025
The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job... Critical Unreviewed
CVE-2025-2470 was published Apr 25, 2025
Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE)... Critical Unreviewed
CVE-2025-46616 was published Apr 25, 2025
WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an... Critical Unreviewed
CVE-2025-46272 was published Apr 25, 2025
UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain... Critical Unreviewed
CVE-2025-46273 was published Apr 25, 2025
WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could allow an attacker to create... Critical Unreviewed
CVE-2025-46275 was published Apr 25, 2025
UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated... Critical Unreviewed
CVE-2025-46271 was published Apr 25, 2025
UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read,... Critical Unreviewed
CVE-2025-46274 was published Apr 25, 2025
Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer... Critical Unreviewed
CVE-2025-26382 was published Apr 24, 2025
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization,... Critical Unreviewed
CVE-2025-31324 was published Apr 24, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Angelo Mandato PowerPress... Critical Unreviewed
CVE-2025-46264 was published Apr 24, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-46248 was published Apr 24, 2025
h11 accepts some malformed Chunked-Encoding bodies Critical
CVE-2025-43859 was published for h11 (pip) Apr 24, 2025
JeppW
The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file... Critical Unreviewed
CVE-2025-3065 was published Apr 24, 2025
The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover... Critical Unreviewed
CVE-2025-3604 was published Apr 24, 2025
The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover... Critical Unreviewed
CVE-2025-3603 was published Apr 24, 2025
YoutubeDLSharp allows command injection on windows system due to non sanitized arguments Critical
CVE-2025-43858 was published for YoutubeDLSharp (NuGet) Apr 23, 2025
kitsumed alxnull
In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow... Critical Unreviewed
CVE-2025-45429 was published Apr 23, 2025
In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform... Critical Unreviewed
CVE-2025-45428 was published Apr 23, 2025
In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform... Critical Unreviewed
CVE-2025-45427 was published Apr 23, 2025
org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API Critical
CVE-2025-32969 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Apr 23, 2025
madprogrammer
This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on... Critical Unreviewed
CVE-2025-42605 was published Apr 23, 2025
CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0 Critical
GHSA-ggpf-24jw-3fcw was published for vllm (pip) Apr 23, 2025
azraelxuemo russellb
A vulnerability in the cmdb service of the HPE Performance Cluster Manager (HPCM) could allow an... Critical Unreviewed
CVE-2025-37087 was published Apr 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database