GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,739 advisories
OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed
High
CVE-2025-64099 was published for org.openidentityplatform.openam:openam-oauth2 (Maven) on Nov 12, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component...
High
Unreviewed
CVE-2025-33178 was published on Nov 11, 2025
NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data...
High
Unreviewed
CVE-2025-23357 was published on Nov 11, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious...
High
Unreviewed
CVE-2025-23361 was published on Nov 11, 2025
The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in...
Critical
Unreviewed
CVE-2025-12813 was published on Nov 11, 2025
The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a...
High
Unreviewed
CVE-2025-12637 was published on Nov 11, 2025
Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert...
Critical
Unreviewed
CVE-2025-42887 was published on Nov 11, 2025
Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a...
Moderate
Unreviewed
CVE-2025-42895 was published on Nov 11, 2025
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to...
High
Unreviewed
CVE-2025-9334 was published on Nov 8, 2025
Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a...
Critical
Unreviewed
CVE-2020-36870 was published on Nov 8, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy...
Critical
Unreviewed
CVE-2025-49372 was published on Nov 6, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in acowebs Dynamic...
Critical
Unreviewed
CVE-2025-47588 was published on Nov 6, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget...
Critical
Unreviewed
CVE-2025-32222 was published on Nov 6, 2025
An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient...
High
Unreviewed
CVE-2025-11093 was published on Nov 5, 2025
expr-eval does not restrict functions passed to the evaluate function
High
CVE-2025-12735 was published for expr-eval (npm) on Nov 5, 2025
A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54...
High
Unreviewed
CVE-2025-60785 was published on Nov 3, 2025
The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and...
High
Unreviewed
CVE-2025-6990 was published on Nov 1, 2025
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code...
High
Unreviewed
CVE-2025-10487 was published on Nov 1, 2025
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated...
High
Unreviewed
CVE-2025-48984 was published on Oct 31, 2025
Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where...
Critical
Unreviewed
CVE-2025-34277 was published on Oct 31, 2025
An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker to execute arbitrary code...
High
Unreviewed
CVE-2025-61196 was published on Oct 30, 2025
iib0011 omni-tools v0.4.0 is vulnerable to remote code execution via unsafe JSON deserialization.
Critical
Unreviewed
CVE-2025-50739 was published on Oct 30, 2025
alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve...
High
Unreviewed
CVE-2025-56399 was published on Oct 28, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in videowhisper Paid...
Critical
Unreviewed
CVE-2025-62959 was published on Oct 27, 2025
The The Discussion Board – WordPress Forum Plugin plugin for WordPress is vulnerable to arbitrary...
Moderate
Unreviewed
CVE-2025-8483 was published on Oct 25, 2025
ProTip! Advisories are also available from the GraphQL API.