Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,810
Erlang
36
GitHub Actions
31
Go
2,396
Maven
5,000+
npm
4,031
NuGet
721
pip
3,821
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

26,321 advisories

Loading
Missing authorization in Azure Machine Learning allows an authorized attacker to elevate... Critical Unreviewed
CVE-2025-49747 was published Jul 18, 2025
simogeo/filemanager arbitrary file upload vulnerability Critical
CVE-2025-46001 was published for simogeo/filemanager (Composer) Jul 18, 2025
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up... Critical Unreviewed
CVE-2025-7444 was published Jul 18, 2025
A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to... Critical Unreviewed
CVE-2025-26855 was published Jul 18, 2025
A SQL injection in Articles Good Search extension 1.0.0 - 1.2.4.0011 for Joomla allows attackers... Critical Unreviewed
CVE-2025-26854 was published Jul 18, 2025
The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to... Critical Unreviewed
CVE-2025-7643 was published Jul 18, 2025
The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User... Critical Unreviewed
CVE-2025-6222 was published Jul 18, 2025
GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying... Critical Unreviewed
CVE-2025-53964 was published Jul 17, 2025
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to... Critical Unreviewed
CVE-2025-23266 was published Jul 17, 2025
nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds... Critical Unreviewed
CVE-2025-50240 was published Jul 17, 2025
Livewire is vulnerable to remote command execution during component property update hydration Critical
CVE-2025-54068 was published for livewire/livewire (Composer) Jul 17, 2025
Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL. Critical Unreviewed
CVE-2025-53867 was published Jul 17, 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection')... Critical Unreviewed
CVE-2025-25257 was published Jul 17, 2025
Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in... Critical Unreviewed
CVE-2025-52046 was published Jul 17, 2025
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buffer overflow via the ePort... Critical Unreviewed
CVE-2025-51630 was published Jul 17, 2025
The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to... Critical Unreviewed
CVE-2025-7712 was published Jul 17, 2025
The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up... Critical Unreviewed
CVE-2025-5396 was published Jul 17, 2025
An unauthenticated command injection vulnerability exists in the cookie handling process of the... Critical Unreviewed
CVE-2025-34125 was published Jul 17, 2025
A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a... Critical Unreviewed
CVE-2025-34127 was published Jul 17, 2025
A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to... Critical Unreviewed
CVE-2025-34132 was published Jul 17, 2025
A remote code execution vulnerability exists in multiple Netcore and Netis routers models with... Critical Unreviewed
CVE-2025-34117 was published Jul 16, 2025
An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station... Critical Unreviewed
CVE-2025-34121 was published Jul 16, 2025
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated,... Critical Unreviewed
CVE-2025-20337 was published Jul 16, 2025
A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior... Critical Unreviewed
CVE-2025-34300 was published Jul 16, 2025
Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce... Critical Unreviewed
CVE-2025-52836 was published Jul 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database