GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,893; Erlang 38; GitHub Actions 38; Go 2,550; Maven 5,000+; npm 4,221; NuGet 745; pip 3,998; Pub 12; RubyGems 953; Rust 1,039; Swift 45
Unreviewed advisories: All unreviewed 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
23,656 advisories
CVE-2025-37729 (Critical, Unreviewed; published Oct 13, 2025): Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise...
CVE-2025-6919 (Critical, Unreviewed; published Oct 13, 2025): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
CVE-2025-9976 (Critical, Unreviewed; published Oct 13, 2025): An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform...
CVE-2025-9265 (Critical, Unreviewed; published Oct 13, 2025): A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker...
CVE-2025-6439 (Critical, Unreviewed; published Oct 11, 2025): The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design...
CVE-2025-6553 (Critical, Unreviewed; published Oct 11, 2025): The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to...
CVE-2025-11533 (Critical, Unreviewed; published Oct 11, 2025): The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to,...
CVE-2025-31718 (Critical, Unreviewed; published Oct 11, 2025): In modem, there is a possible system crash due to improper input validation. This could lead to...
CVE-2025-31717 (Critical, Unreviewed; published Oct 11, 2025): In modem, there is a possible system crash due to improper input validation. This could lead to...
CVE-2025-60269 (Critical, Unreviewed; published Oct 10, 2025): JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main...
CVE-2025-60306 (Critical, Unreviewed; published Oct 10, 2025): code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege...
CVE-2025-6519 (Critical, Unreviewed; published Oct 10, 2025): E3 Site Supervisor (firmware version < 2.31F01) has a default admin user "ONEDAY" with a daily...
CVE-2025-59246 (Critical, Unreviewed; published Oct 9, 2025): Azure Entra ID Elevation of Privilege Vulnerability
CVE-2025-59218 (Critical, Unreviewed; published Oct 9, 2025): Azure Entra ID Elevation of Privilege Vulnerability
CVE-2025-35050 (Critical, Unreviewed; published Oct 9, 2025): Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem'...
CVE-2025-60316 (Critical, Unreviewed; published Oct 9, 2025): SourceCodester Pet Grooming Management Software 1.0 is vulnerable to SQL Injection in admin...
CVE-2017-20203 (Critical, Unreviewed; published Oct 9, 2025): NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322,...
CVE-2025-59974 (Critical, Unreviewed; published Oct 9, 2025): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
CVE-2025-59978 (Critical, Unreviewed; published Oct 9, 2025): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
CVE-2025-11522 (Critical, Unreviewed; published Oct 9, 2025): The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication...
CVE-2025-7526 (Critical, Unreviewed; published Oct 9, 2025): The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is...
CVE-2025-7634 (Critical, Unreviewed; published Oct 9, 2025): The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is...
CVE-2025-10586 (Critical, Unreviewed; published Oct 9, 2025): The Community Events plugin for WordPress is vulnerable to SQL Injection via the ‘event_venue’...
CVE-2017-20202 (Critical, Unreviewed; published Oct 9, 2025): Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and...
CVE-2017-20201 (Critical, Unreviewed; published Oct 9, 2025): CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit builds) contained a malicious pre-entry...
ProTip! Advisories are also available from the GraphQL API.