GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,655
Maven: 5,000+
npm: 4,284
NuGet: 760
pip: 4,067
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
277,491 advisories
A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation...
Critical | Unreviewed | CVE-2025-9312 was published Nov 18, 2025

A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 (Bhabishya-123/E...
Moderate | Unreviewed | CVE-2025-63883 was published Nov 18, 2025

Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the page...
Moderate | Unreviewed | CVE-2025-59117 was published Nov 18, 2025

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected...
Moderate | Unreviewed | CVE-2025-63892 was published Nov 18, 2025

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Malicious...
Moderate | Unreviewed | CVE-2025-59112 was published Nov 18, 2025

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions...
Moderate | Unreviewed | CVE-2025-8084 was published Nov 18, 2025

Windu CMS implements weak client-side brute-force protection by using parameter loginError....
Moderate | Unreviewed | CVE-2025-59113 was published Nov 18, 2025

Windu CMS is vulnerable to Stored Cross-Site Scripting (XSS) in the logon page where input data...
Moderate | Unreviewed | CVE-2025-59115 was published Nov 18, 2025

Windu CMS is vulnerable to Broken Access Control in user editing functionality. Malicious...
Moderate | Unreviewed | CVE-2025-59111 was published Nov 18, 2025

Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious...
Moderate | Unreviewed | CVE-2025-59114 was published Nov 18, 2025

Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference...
Moderate | Unreviewed | CVE-2025-59116 was published Nov 18, 2025

A flaw has been found in SourceCodester Train Station Ticketing System 1.0. This vulnerability...
Moderate | Unreviewed | CVE-2025-13347 was published Nov 18, 2025

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented...
Moderate | Unreviewed | CVE-2025-59110 was published Nov 18, 2025

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73,...
Moderate | Unreviewed | CVE-2025-55179 was published Nov 18, 2025

A vulnerability has been found in SourceCodester Student Grades Management System 1.0. This issue...
Moderate | Unreviewed | CVE-2025-13349 was published Nov 18, 2025

A vulnerability was detected in SourceCodester Train Station Ticketing System 1.0. This affects...
Moderate | Unreviewed | CVE-2025-13346 was published Nov 18, 2025

The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more...
Moderate | Unreviewed | CVE-2025-12545 was published Nov 18, 2025

The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable...
Moderate | Unreviewed | CVE-2025-12376 was published Nov 18, 2025

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds...
Moderate | Unreviewed | CVE-2025-10158 was published Nov 18, 2025

The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2025-12457 was published Nov 18, 2025

The WP Migrate Lite – WordPress Migration Made Easy plugin for WordPress is vulnerable to Blind...
Moderate | Unreviewed | CVE-2025-11427 was published Nov 18, 2025

The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-12392 was published Nov 18, 2025

Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del...
High | Unreviewed | CVE-2025-41347 was published Nov 18, 2025

A low privileged remote attacker can upload a new or overwrite an existing python script by using...
High | Unreviewed | CVE-2025-41736 was published Nov 18, 2025

The commissioning wizard on the affected devices does not validate if the device is already...
Critical | Unreviewed | CVE-2025-41733 was published Nov 18, 2025
ProTip! Advisories are also available from the GraphQL API.