GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,717
Maven: 5,000+
npm: 4,328
NuGet: 761
pip: 4,105
Pub: 12
RubyGems: 958
Rust: 1,065
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
114,980 advisories
XWiki does not require right warnings for XClass definitions
High: CVE-2025-49585 was published for org.xwiki.platform:xwiki-platform-security-requiredrights-default (Maven) Jun 13, 2025

XWiki allows remote code execution through preview of XClass changes in AWM editor
High: CVE-2025-49586 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 13, 2025

pgx SQL Injection via Line Comment Creation
High: CVE-2024-27289 was published for github.com/jackc/pgx (Go) Mar 4, 2024

XWiki makes title of inaccessible pages available through the class property values REST API
High: CVE-2025-49584 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Jun 13, 2025

XWiki allows remote code execution through default value of wiki macro wiki-type parameters
High: CVE-2025-49581 was published for org.xwiki.platform:xwiki-platform-rendering-wikimacro-store (Maven) Jun 13, 2025

XWiki allows privilege escalation through link refactoring
High: CVE-2025-49580 was published for org.xwiki.platform:xwiki-platform-refactoring-default (Maven) Jun 13, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High (Unreviewed): CVE-2025-48918 was published Jun 13, 2025

The iaware module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this...
High (Unreviewed): CVE-2023-52115 was published Jan 16, 2024

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non...
High (Unreviewed): CVE-2025-36631 was published Jun 13, 2025

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non...
High (Unreviewed): CVE-2025-36633 was published Jun 13, 2025

A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was...
High (Unreviewed): CVE-2025-49468 was published Jun 13, 2025

Files in the source code contain login credentials for the admin user and the property...
High (Unreviewed): CVE-2025-49182 was published Jun 12, 2025

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is...
High (Unreviewed): CVE-2025-5282 was published Jun 13, 2025

setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
High: CVE-2025-47273 was published for setuptools (pip) May 19, 2025

Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows...
High (Unreviewed): CVE-2025-5491 was published Jun 13, 2025

Improper neutralization of special elements used in a command ('command injection') in Visual...
High (Unreviewed): CVE-2025-47959 was published Jun 13, 2025

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated...
High (Unreviewed): CVE-2025-4230 was published Jun 13, 2025

A username and password are required to authenticate to the central SinoTrack device management...
High (Unreviewed): CVE-2025-5484 was published Jun 12, 2025

Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control...
High (Unreviewed): CVE-2025-27689 was published Jun 12, 2025

AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could...
High (Unreviewed): CVE-2025-44019 was published Jun 12, 2025

Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of...
High (Unreviewed): CVE-2025-6031 was published Jun 12, 2025

User names used to access the web management interface are limited to the device identifier,...
High (Unreviewed): CVE-2025-5485 was published Jun 12, 2025

AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could...
High (Unreviewed): CVE-2025-36539 was published Jun 12, 2025

The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter...
High (Unreviewed): CVE-2025-2929 was published May 20, 2025

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses...
High (Unreviewed): CVE-2025-0725 was published Feb 5, 2025
ProTip! Advisories are also available from the GraphQL API