Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

266,750 advisories

Loading
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-26757 was published Feb 22, 2025
Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator... Moderate Unreviewed
CVE-2025-26764 was published Feb 22, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload... Critical Unreviewed
CVE-2025-26776 was published Feb 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-26756 was published Feb 22, 2025
Missing Authorization vulnerability in appsbd Vitepos allows Exploiting Incorrectly Configured... Moderate Unreviewed
CVE-2025-26750 was published Feb 22, 2025
A vulnerability in the SecureROM of some Apple devices can be exploited by an unauthenticated... Moderate Unreviewed
CVE-2019-8900 was published Feb 22, 2025
The SMTP for Sendinblue – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site... High Unreviewed
CVE-2025-0953 was published Feb 22, 2025
A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an... Moderate Unreviewed
CVE-2025-1557 was published Feb 22, 2025
The SMTP for SendGrid – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting... High Unreviewed
CVE-2025-0918 was published Feb 22, 2025
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU... Unknown Unreviewed
CVE-2024-12577 was published Feb 22, 2025
A vulnerability, which was classified as problematic, has been found in westboy CicadasCMS 1.0.... Moderate Unreviewed
CVE-2025-1556 was published Feb 22, 2025
The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site... High Unreviewed
CVE-2025-0957 was published Feb 22, 2025
Kernel software installed and running inside a Guest VM may post improper commands to the GPU... Unknown Unreviewed
CVE-2024-52939 was published Feb 22, 2025
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU... Unknown Unreviewed
CVE-2024-47896 was published Feb 22, 2025
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU... Unknown Unreviewed
CVE-2024-46975 was published Feb 22, 2025
Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is... High Unreviewed
CVE-2024-7695 was published Jan 29, 2025
In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check control... Unknown Unreviewed
CVE-2025-21704 was published Feb 22, 2025
A vulnerability was found in pankajindevops scale up to 3633544a00245d3df88b6d13d9b3dd0f411be7f6.... Moderate Unreviewed
CVE-2025-1553 was published Feb 22, 2025
A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing... High Unreviewed
CVE-2023-6648 was published Dec 10, 2023
The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-13564 was published Feb 22, 2025
The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information... High Unreviewed
CVE-2025-1361 was published Feb 22, 2025
The Pago por Redsys plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2024-12467 was published Feb 22, 2025
The LTL Freight Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection... High Unreviewed
CVE-2024-13474 was published Feb 22, 2025
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for... Moderate Unreviewed
CVE-2024-13873 was published Feb 22, 2025
The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up... High Unreviewed
CVE-2024-13899 was published Feb 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database