GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
4,015 advisories
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution...
Critical | Unreviewed | CVE-2025-13486 was published Dec 3, 2025

A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute...
Critical | Unreviewed | CVE-2025-13658 was published Dec 2, 2025

The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’...
High | Unreviewed | CVE-2024-39148 was published Dec 1, 2025

In Apache CloudStack improper control of generation of code ('Code Injection') vulnerability is...
Moderate | Unreviewed | CVE-2025-59302 was published Nov 27, 2025

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components,...
High | Unreviewed | CVE-2025-33204 was published Nov 25, 2025

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions...
Critical | Unreviewed | CVE-2025-6389 was published Nov 25, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect...
High | Unreviewed | CVE-2025-10702 was published Nov 19, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect...
High | Unreviewed | CVE-2025-10703 was published Nov 19, 2025

The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to,...
High | Unreviewed | CVE-2025-13035 was published Nov 19, 2025

The comment editing template (dzz/comment/template/edit_form.htm) in DzzOffice 2.3.x lacks...
Moderate | Unreviewed | CVE-2025-63693 was published Nov 18, 2025

A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation...
Moderate | Unreviewed | CVE-2025-37157 was published Nov 18, 2025

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an...
High | Unreviewed | CVE-2025-33184 was published Nov 18, 2025

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an...
High | Unreviewed | CVE-2025-33183 was published Nov 18, 2025

The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is...
Moderate | Unreviewed | CVE-2025-7711 was published Nov 18, 2025

The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is...
High | Unreviewed | CVE-2025-12733 was published Nov 13, 2025

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of...
Moderate | Unreviewed | CVE-2024-48829 was published Nov 12, 2025

NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component...
High | Unreviewed | CVE-2025-33178 was published Nov 11, 2025

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data...
High | Unreviewed | CVE-2025-23357 was published Nov 11, 2025

NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious...
High | Unreviewed | CVE-2025-23361 was published Nov 11, 2025

The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a...
High | Unreviewed | CVE-2025-12637 was published Nov 11, 2025

The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in...
Critical | Unreviewed | CVE-2025-12813 was published Nov 11, 2025

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert...
Critical | Unreviewed | CVE-2025-42887 was published Nov 11, 2025

Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a...
Moderate | Unreviewed | CVE-2025-42895 was published Nov 11, 2025

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-9334 was published Nov 8, 2025

Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a...
Critical | Unreviewed | CVE-2020-36870 was published Nov 8, 2025
ProTip! Advisories are also available from the GraphQL API.