Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

7,198 advisories

Loading
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications... High Unreviewed
CVE-2025-40755 was published Oct 14, 2025
The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for... High Unreviewed
CVE-2025-11188 was published Oct 10, 2025
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce... High Unreviewed
CVE-2025-10862 was published Oct 9, 2025
ProjectWorlds Gym Management System1.0 is vulnerable to SQL Injection via the "id" parameter in... High Unreviewed
CVE-2025-60311 was published Oct 8, 2025
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login... High Unreviewed
CVE-2025-11204 was published Oct 8, 2025
A SQL Injection vulnerability was discovered in the Alert functionality due to improper... High Unreviewed
CVE-2025-40886 was published Oct 7, 2025
The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter... High Unreviewed
CVE-2025-10692 was published Oct 3, 2025
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker... High Unreviewed
CVE-2025-53595 was published Oct 3, 2025
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker... High Unreviewed
CVE-2025-54153 was published Oct 3, 2025
The Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin for... High Unreviewed
CVE-2025-9200 was published Oct 3, 2025
The WP Dispatcher plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in... High Unreviewed
CVE-2025-10582 was published Oct 3, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-0616 was published Oct 3, 2025
Django vulnerable to SQL injection in column aliases High
CVE-2025-59681 was published for django (pip) Oct 1, 2025
In Frappe ERPNext 15.57.5, the function get_material_requests_based_on_supplier() at erpnext... High Unreviewed
CVE-2025-52039 was published Oct 1, 2025
In Frappe ERPNext 15.57.5, the function get_stock_balance_for() at erpnext/stock/doctype... High Unreviewed
CVE-2025-52041 was published Oct 1, 2025
In Frappe ERPNext 15.57.5, the function get_rfq_containing_supplier() at erpnext/buying/doctype... High Unreviewed
CVE-2025-52042 was published Oct 1, 2025
The AffiliateWP plugin for WordPress is vulnerable to SQL Injection via the... High Unreviewed
CVE-2025-8877 was published Sep 30, 2025
Improper neutralization of input provided by an authorized user in article positioning... High Unreviewed
CVE-2025-8121 was published Sep 30, 2025
Improper neutralization of input provided by an authorized user in article positioning... High Unreviewed
CVE-2025-8122 was published Sep 30, 2025
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an... High Unreviewed
CVE-2025-6724 was published Sep 29, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-60108 was published Sep 26, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-60109 was published Sep 26, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-60110 was published Sep 26, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-60107 was published Sep 26, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-60118 was published Sep 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database