GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,685
Maven
5,000+
npm
4,318
NuGet
760
pip
4,092
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+
114,760 advisories
The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site...
High
Unreviewed
CVE-2025-13387
was published
Dec 2, 2025
Improper access control in MPLocalService of MotionPhoto prior to version 4.1.51 allows local...
High
Unreviewed
CVE-2025-58482
was published
Dec 2, 2025
Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local...
High
Unreviewed
CVE-2025-58481
was published
Dec 2, 2025
The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to...
High
Unreviewed
CVE-2025-12529
was published
Dec 2, 2025
IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix...
High
Unreviewed
CVE-2024-45675
was published
Dec 2, 2025
Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms
High
CVE-2025-66298
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass
High
CVE-2025-66294
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav vulnerable to Privilege Escalation and Authenticated Remote Code Execution via Twig Injection
High
CVE-2025-66297
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav vulnerable to Path traversal / arbitrary YAML write via user creation leading to Account Takeover / System Corruption
High
CVE-2025-66295
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes
High
CVE-2025-66412
was published
for
@angular/compiler
(npm)
Dec 2, 2025
Gin-vue-admin has an arbitrary file deletion vulnerability
High
CVE-2025-66410
was published
for
github.com/flipped-aurora/gin-vue-admin
(Go)
Dec 2, 2025
Keras Directory Traversal Vulnerability
High
CVE-2025-12060
was published
for
keras
(pip)
Dec 2, 2025
Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter
High
CVE-2025-66305
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions
High
CVE-2025-66301
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav is vulnerable to Arbitrary File Read
High
CVE-2025-66300
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav is Vulnerable to Security Sandbox Bypass with SSTI (Server Side Template Injection)
High
CVE-2025-66299
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover
High
CVE-2025-66296
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc()...
High
Unreviewed
CVE-2025-34297
was published
Dec 1, 2025
SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides...
High
Unreviewed
CVE-2025-63365
was published
Dec 1, 2025
XWiki Jetty Package (XJetty) allows accessing any application file through URL
High
CVE-2025-55749
was published
for
org.xwiki.platform:xwiki-platform-tool-jetty-resources
(Maven)
Dec 1, 2025
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function...
High
Unreviewed
CVE-2025-55221
was published
Dec 1, 2025
NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Antivirus on Linux when...
High
Unreviewed
CVE-2025-7007
was published
Dec 1, 2025
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function...
High
Unreviewed
CVE-2025-55222
was published
Dec 1, 2025
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within...
High
Unreviewed
CVE-2025-63534
was published
Dec 1, 2025
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing...
High
Unreviewed
CVE-2025-64775
was published
Dec 1, 2025
ProTip! Advisories are also available from the GraphQL API.