Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,670
Maven
5,000+
npm
4,296
NuGet
760
pip
4,075
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,523 advisories

Loading
Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly... Critical Unreviewed
CVE-2025-54863 was published Nov 4, 2025
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript... Critical Unreviewed
CVE-2025-12682 was published Nov 4, 2025
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution ... Critical Unreviewed
CVE-2025-12493 was published Nov 4, 2025
The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a... Critical Unreviewed
CVE-2025-12158 was published Nov 4, 2025
The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a... Critical Unreviewed
CVE-2025-11007 was published Nov 4, 2025
The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Critical Unreviewed
CVE-2025-11008 was published Nov 4, 2025
Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an... Critical Unreviewed
CVE-2024-13997 was published Nov 4, 2025
An unauthenticated SQL Injection was discovered within the Geutebruck G-Cam E-Series Cameras... Critical Unreviewed
CVE-2025-12463 was published Nov 3, 2025
@react-native-community/cli has arbitrary OS command injection Critical
CVE-2025-11953 was published for @react-native-community/cli (npm) Nov 3, 2025
Malayke cylewaitforit
liamjones conorfitch
Credited to Malayke, cylewaitforit, liamjones, and conorfitch
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php. Critical Unreviewed
CVE-2025-63451 was published Nov 3, 2025
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php. Critical Unreviewed
CVE-2025-63452 was published Nov 3, 2025
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php. Critical Unreviewed
CVE-2025-63453 was published Nov 3, 2025
The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to,... Critical Unreviewed
CVE-2025-8900 was published Nov 3, 2025
Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand... Critical Unreviewed
CVE-2025-0987 was published Nov 3, 2025
Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1... Critical Unreviewed
CVE-2025-12600 was published Nov 1, 2025
Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2... Critical Unreviewed
CVE-2025-12599 was published Nov 1, 2025
Denial of Service Due to SlowLoris.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1... Critical Unreviewed
CVE-2025-12601 was published Nov 1, 2025
The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for... Critical Unreviewed
CVE-2025-11499 was published Nov 1, 2025
The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for... Critical Unreviewed
CVE-2025-11833 was published Nov 1, 2025
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in... Critical Unreviewed
CVE-2025-64348 was published Oct 31, 2025
Email Server Certificate Verification Disabled.This issue affects BLU-IC2: through 1.19.5; BLU... Critical Unreviewed
CVE-2025-12553 was published Oct 31, 2025
Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1... Critical Unreviewed
CVE-2025-29270 was published Oct 31, 2025
Denial of service of the web server through specific requests to this protocol Critical Unreviewed
CVE-2025-64388 was published Oct 31, 2025
The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the... Critical Unreviewed
CVE-2025-64385 was published Oct 31, 2025
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in... Critical Unreviewed
CVE-2025-57108 was published Oct 31, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database