GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,633
Erlang: 34
GitHub Actions: 25
Go: 2,239
Maven: 5,000+
npm: 3,900
NuGet: 701
pip: 3,667
Pub: 12
RubyGems: 914
Rust: 943
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
106,622 advisories
The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file...
High | Unreviewed | CVE-2025-3520 was published Apr 18, 2025

A Stored cross-site scripting (XSS) vulnerability in upnp page of the web Interface in TP-Link...
High | Unreviewed | CVE-2025-25427 was published Apr 18, 2025

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that...
High | Unreviewed | CVE-2025-3246 was published Apr 18, 2025

A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that...
High | Unreviewed | CVE-2025-3509 was published Apr 18, 2025

In the Linux kernel, the following vulnerability has been resolved: um: Fix out-of-bounds read...
High | Unreviewed | CVE-2022-49395 was published Apr 17, 2025

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential...
High | Unreviewed | CVE-2022-49410 was published Apr 17, 2025

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mtk_scp: Fix a...
High | Unreviewed | CVE-2022-49391 was published Apr 17, 2025

In the Linux kernel, the following vulnerability has been resolved: md: fix double free of...
High | Unreviewed | CVE-2022-49384 was published Apr 17, 2025

In FOXCMS <=1.25, the installdb.php file has a time-based blind SQL injection vulnerability....
High | Unreviewed | CVE-2025-29180 was published Apr 17, 2025

FOXCMS <= V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php.
High | Unreviewed | CVE-2025-29181 was published Apr 17, 2025

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the...
High | Unreviewed | CVE-2025-29039 was published Apr 17, 2025

Litepubl CMS <= 7.0.9 is vulnerable to RCE in admin/service/run.
High | Unreviewed | CVE-2025-29661 was published Apr 17, 2025

In the Linux kernel, the following vulnerability has been resolved: can: dev: can_restart: fix...
High | Unreviewed | CVE-2021-47668 was published Apr 17, 2025

In the Linux kernel, the following vulnerability has been resolved: can: vxcan: vxcan_xmit: fix...
High | Unreviewed | CVE-2021-47669 was published Apr 17, 2025

In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after...
High | Unreviewed | CVE-2021-47670 was published Apr 17, 2025

An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a...
High | Unreviewed | CVE-2024-55211 was published Apr 17, 2025

IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an...
High | Unreviewed | CVE-2025-2947 was published Apr 17, 2025

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible
High | Unreviewed | CVE-2025-43012 was published Apr 17, 2025

In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces
High | Unreviewed | CVE-2025-43015 was published Apr 17, 2025

Incorrect Privilege Assignment vulnerability in Jauhari Xelion Xelion Webchat allows Privilege...
High | Unreviewed | CVE-2025-39542 was published Apr 17, 2025

Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing...
High | Unreviewed | CVE-2025-39533 was published Apr 17, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-39558 was published Apr 17, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-39594 was published Apr 17, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2025-39586 was published Apr 17, 2025

Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly...
High | Unreviewed | CVE-2025-39583 was published Apr 17, 2025
ProTip! Advisories are also available from the GraphQL API