Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

104,965 advisories

Loading
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM... High Unreviewed
CVE-2025-36367 was published Nov 1, 2025
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via... High Unreviewed
CVE-2025-6574 was published Nov 1, 2025
The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due... High Unreviewed
CVE-2025-12171 was published Nov 1, 2025
The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and... High Unreviewed
CVE-2025-6990 was published Nov 1, 2025
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code... High Unreviewed
CVE-2025-10487 was published Nov 1, 2025
The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for... High Unreviewed
CVE-2025-11755 was published Nov 1, 2025
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via... High Unreviewed
CVE-2025-5949 was published Nov 1, 2025
The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event... High Unreviewed
CVE-2025-11995 was published Nov 1, 2025
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to... High Unreviewed
CVE-2025-11920 was published Nov 1, 2025
Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2 is susceptible to a... High Unreviewed
CVE-2025-63561 was published Oct 31, 2025
When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR sensor, the sensor will... High Unreviewed
CVE-2025-10693 was published Oct 31, 2025
ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target... High Unreviewed
CVE-2025-64349 was published Oct 31, 2025
ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in... High Unreviewed
CVE-2025-62618 was published Oct 31, 2025
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid... High Unreviewed
CVE-2025-63465 was published Oct 31, 2025
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid... High Unreviewed
CVE-2025-63464 was published Oct 31, 2025
The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way... High Unreviewed
CVE-2025-12507 was published Oct 31, 2025
By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed... High Unreviewed
CVE-2025-12357 was published Oct 31, 2025
On a client with an admin user, a Global_Shipping script can be implemented. The script could... High Unreviewed
CVE-2025-12509 was published Oct 31, 2025
When using domain users as BRAIN2 users, communication with Active Directory services is... High Unreviewed
CVE-2025-12508 was published Oct 31, 2025
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid... High Unreviewed
CVE-2025-63469 was published Oct 31, 2025
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the... High Unreviewed
CVE-2025-63468 was published Oct 31, 2025
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain... High Unreviewed
CVE-2025-33003 was published Oct 31, 2025
Integer overflow in GameMaker IDE below 2024.14.0 version can lead to can lead to application... High Unreviewed
CVE-2025-12501 was published Oct 31, 2025
The equipment grants a JWT token for each connection in the timeline, but during an active valid... High Unreviewed
CVE-2025-64386 was published Oct 31, 2025
The web server of the device performs exchanges of sensitive information in clear text through an... High Unreviewed
CVE-2025-64389 was published Oct 31, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database