GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,688
Maven: 5,000+
npm: 4,320
NuGet: 760
pip: 4,096
Pub: 12
RubyGems: 958
Rust: 1,063
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
133,122 advisories
The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers...
Moderate | Unreviewed | CVE-2025-52622 was published Dec 2, 2025

A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an...
Moderate | Unreviewed | CVE-2025-13877 was published Dec 2, 2025

An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF...
Moderate | Unreviewed | CVE-2025-58113 was published Dec 2, 2025

The Upload.am WordPress plugin before 1.0.1 is vulnerable to arbitrary option disclosure due to...
Moderate | Unreviewed | CVE-2025-12630 was published Dec 2, 2025

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. ...
Moderate | Unreviewed | CVE-2025-13372 was published Dec 2, 2025

A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the...
Moderate | Unreviewed | CVE-2025-13875 was published Dec 2, 2025

A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372...
Moderate | Unreviewed | CVE-2025-13876 was published Dec 2, 2025

Vulnerability in the access control system of the GAMS licensing system that allows unlimited...
Moderate | Unreviewed | CVE-2025-41086 was published Dec 2, 2025

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a...
Moderate | Unreviewed | CVE-2025-59701 was published Dec 2, 2025

Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vulnerability allows an...
Moderate | Unreviewed | CVE-2025-13879 was published Dec 2, 2025

Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vulnerability allows an...
Moderate | Unreviewed | CVE-2025-40700 was published Dec 2, 2025

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an...
Moderate | Unreviewed | CVE-2025-41015 was published Dec 2, 2025

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'),...
Moderate | Unreviewed | CVE-2025-13505 was published Dec 2, 2025

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to Stored...
Moderate | Unreviewed | CVE-2025-13731 was published Dec 2, 2025

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an...
Moderate | Unreviewed | CVE-2025-41014 was published Dec 2, 2025

Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated...
Moderate | Unreviewed | CVE-2025-41066 was published Dec 2, 2025

Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E...
Moderate | Unreviewed | CVE-2025-41743 was published Dec 2, 2025

Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26...
Moderate | Unreviewed | CVE-2025-13873 was published Dec 2, 2025

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search'...
Moderate | Unreviewed | CVE-2025-13090 was published Dec 2, 2025

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site...
Moderate | Unreviewed | CVE-2025-13140 was published Dec 2, 2025

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to SQL...
Moderate | Unreviewed | CVE-2025-12483 was published Dec 2, 2025

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Missing...
Moderate | Unreviewed | CVE-2025-11726 was published Dec 2, 2025

The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets plugin for WordPress is...
Moderate | Unreviewed | CVE-2025-13007 was published Dec 2, 2025

The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-13685 was published Dec 2, 2025

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-13534 was published Dec 2, 2025
ProTip! Advisories are also available from the GraphQL API