GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,730
Composer 5,030
Erlang 39
GitHub Actions 38
Go 2,670
Maven 6,116
npm 4,296
NuGet 760
pip 4,075
Pub 12
RubyGems 957
Rust 1,058
Swift 45

Unreviewed advisories

All unreviewed 277,952

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

27,522 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed

CVE-2025-39463 was published Nov 6, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed

CVE-2025-39466 was published Nov 6, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget... Critical Unreviewed

CVE-2025-32222 was published Nov 6, 2025

PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution... Critical Unreviewed

CVE-2025-63334 was published Nov 5, 2025

** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat... Critical Unreviewed

CVE-2025-63416 was published Nov 5, 2025

Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via... Critical Unreviewed

CVE-2025-55343 was published Nov 5, 2025

Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate... Critical Unreviewed

CVE-2025-56231 was published Nov 5, 2025

Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A... Critical Unreviewed

CVE-2025-45378 was published Nov 5, 2025

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with... Critical Unreviewed

CVE-2025-46364 was published Nov 5, 2025

A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could... Critical Unreviewed

CVE-2025-20354 was published Nov 5, 2025

A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could... Critical Unreviewed

CVE-2025-20358 was published Nov 5, 2025

OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted... Critical Unreviewed

CVE-2025-61304 was published Nov 5, 2025

Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an... Critical Unreviewed

CVE-2025-63601 was published Nov 5, 2025

Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects. Critical

CVE-2025-64459 was published for django (pip) Nov 5, 2025

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr&... Critical Unreviewed

CVE-2025-47151 was published Nov 5, 2025

A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr&#39... Critical Unreviewed

CVE-2025-46705 was published Nov 5, 2025

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format... Critical Unreviewed

CVE-2025-46784 was published Nov 5, 2025

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature... Critical Unreviewed

CVE-2025-46404 was published Nov 5, 2025

The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read... Critical Unreviewed

CVE-2025-55108 was published Nov 5, 2025

The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed

CVE-2025-12674 was published Nov 5, 2025

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Critical Unreviewed

CVE-2025-11749 was published Nov 5, 2025

The Survision LPR Camera system does not enforce password protection by default. This allows... Critical Unreviewed

CVE-2025-12108 was published Nov 4, 2025

Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly... Critical Unreviewed

CVE-2025-54863 was published Nov 4, 2025

Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the... Critical Unreviewed

CVE-2025-61945 was published Nov 4, 2025

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions,... Critical Unreviewed

CVE-2025-61956 was published Nov 4, 2025

Previous 1…7…400 Next

Previous 1 2 … 5 6 7 8 9 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

27,522 advisories