Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

111,275 advisories

Loading
Deserialization of Untrusted Data vulnerability in designthemes Red Art allows Object Injection.... High Unreviewed
CVE-2025-52828 was published Jul 4, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-52776 was published Jul 4, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-49870 was published Jul 4, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-49274 was published Jul 4, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone... High Unreviewed
CVE-2025-52718 was published Jul 4, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-52798 was published Jul 4, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-4414 was published Jul 4, 2025
Server-Side Request Forgery (SSRF) vulnerability in TeconceTheme Allmart allows Server Side... High Unreviewed
CVE-2025-49418 was published Jul 4, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-49866 was published Jul 4, 2025
Path Traversal vulnerability in VaultDweller Leyka allows PHP Local File Inclusion. This issue... High Unreviewed
CVE-2025-52805 was published Jul 4, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-52796 was published Jul 4, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-52807 was published Jul 4, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-28980 was published Jul 4, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-31037 was published Jul 4, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-49245 was published Jul 4, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-47627 was published Jul 4, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-49070 was published Jul 4, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-28978 was published Jul 4, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-39487 was published Jul 4, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-32297 was published Jul 4, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-49247 was published Jul 4, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-32311 was published Jul 4, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-24780 was published Jul 4, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-28968 was published Jul 4, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-24771 was published Jul 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database