Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,752
Maven
5,000+
npm
4,357
NuGet
765
pip
4,121
Pub
12
RubyGems
961
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

145,640 advisories

Loading
The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing... Moderate Unreviewed
CVE-2025-12809 was published Dec 16, 2025
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to unauthorized... Moderate Unreviewed
CVE-2025-13794 was published Dec 16, 2025
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or... Moderate Unreviewed
CVE-2025-66357 was published Dec 16, 2025
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI... Moderate Unreviewed
CVE-2025-59479 was published Dec 16, 2025
A flaw was found in Keycloak. An IDOR (Broken Access Control) vulnerability exists in the admin... Moderate Unreviewed
CVE-2025-14777 was published Dec 16, 2025
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access... Moderate Unreviewed
CVE-2025-13956 was published Dec 16, 2025
A vulnerability was found in Ningyuanda TC155 57.0.2.0. The impacted element is an unknown... Moderate Unreviewed
CVE-2025-14747 was published Dec 16, 2025
A vulnerability has been found in Ningyuanda TC155 57.0.2.0. The affected element is an unknown... Moderate Unreviewed
CVE-2025-14746 was published Dec 16, 2025
Incorrect configuration of replication security in the MariaDB component of the infra-operator in... Moderate Unreviewed
CVE-2025-14758 was published Dec 16, 2025
An SQL injection vulnerability has been reported to affect several QNAP operating system versions... Moderate Unreviewed
CVE-2025-62849 was published Dec 16, 2025
A vulnerability was identified in Ningyuanda TC155 57.0.2.0. This impacts an unknown function of... Moderate Unreviewed
CVE-2025-14749 was published Dec 16, 2025
A vulnerability was determined in Ningyuanda TC155 57.0.2.0. This affects an unknown function of... Moderate Unreviewed
CVE-2025-14748 was published Dec 16, 2025
An improper neutralization of argument delimiters in a command vulnerability has been reported to... Moderate Unreviewed
CVE-2025-62847 was published Dec 16, 2025
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay Moderate
CVE-2025-68113 was published for altcha (RubyGems) Dec 16, 2025
eternal-flame-AD
Credited to eternal-flame-AD
A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an... Moderate Unreviewed
CVE-2025-14731 was published Dec 16, 2025
Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to... Moderate Unreviewed
CVE-2025-9122 was published Dec 16, 2025
A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted... Moderate Unreviewed
CVE-2025-14730 was published Dec 16, 2025
A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected... Moderate Unreviewed
CVE-2025-14729 was published Dec 16, 2025
Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder Moderate
CVE-2025-67735 was published for io.netty:netty-codec-http (Maven) Dec 15, 2025
vietj nakyamad
Credited to vietj and nakyamad
Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR) Moderate
CVE-2025-67715 was published for Weblate (pip) Dec 15, 2025
naxus-audit nijel
Credited to naxus-audit and nijel
Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration Moderate
CVE-2025-67492 was published for Weblate (pip) Dec 15, 2025
naxus-audit nijel
Credited to naxus-audit and nijel
Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated... Moderate Unreviewed
CVE-2023-53880 was published Dec 15, 2025
JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL... Moderate Unreviewed
CVE-2023-53882 was published Dec 15, 2025
NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact... Moderate Unreviewed
CVE-2023-53879 was published Dec 15, 2025
Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to... Moderate Unreviewed
CVE-2023-53887 was published Dec 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database