GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,275
Composer 4,908
Erlang 39
GitHub Actions 38
Go 2,568
Maven 6,036
npm 4,240
NuGet 754
pip 4,004
Pub 12
RubyGems 953
Rust 1,042
Swift 45

Unreviewed advisories

All unreviewed 273,867

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

23,718 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to... Critical Unreviewed

CVE-2025-11391 was published Oct 18, 2025

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login... Critical Unreviewed

CVE-2017-20208 was published Oct 18, 2025

The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to,... Critical Unreviewed

CVE-2017-20207 was published Oct 18, 2025

The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to,... Critical Unreviewed

CVE-2017-20206 was published Oct 18, 2025

Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`)... Critical Unreviewed

CVE-2025-11925 was published Oct 17, 2025

A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass... Critical Unreviewed

CVE-2025-56221 was published Oct 17, 2025

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote... Critical Unreviewed

CVE-2025-62645 was published Oct 17, 2025

Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP... Critical Unreviewed

CVE-2025-8414 was published Oct 17, 2025

A server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5... Critical Unreviewed

CVE-2025-60279 was published Oct 17, 2025

A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read... Critical Unreviewed

CVE-2025-62353 was published Oct 17, 2025

A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically... Critical Unreviewed

CVE-2025-57567 was published Oct 17, 2025

Some versions of Hikvision's iSecure Center Product have an improper file upload control... Critical Unreviewed

CVE-2023-28814 was published Oct 17, 2025

Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation,... Critical Unreviewed

CVE-2023-28815 was published Oct 17, 2025

An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network... Critical Unreviewed

CVE-2025-6949 was published Oct 17, 2025

An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security... Critical Unreviewed

CVE-2025-6950 was published Oct 17, 2025

Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability,... Critical Unreviewed

CVE-2025-11899 was published Oct 17, 2025

The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing... Critical Unreviewed

CVE-2025-11900 was published Oct 17, 2025

An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network... Critical Unreviewed

CVE-2025-6893 was published Oct 17, 2025

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of... Critical Unreviewed

CVE-2025-11492 was published Oct 16, 2025

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection... Critical Unreviewed

CVE-2025-34513 was published Oct 16, 2025

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary... Critical Unreviewed

CVE-2025-34515 was published Oct 16, 2025

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials... Critical Unreviewed

CVE-2025-34516 was published Oct 16, 2025

An improper privilege management vulnerability exists in WSO2 API Manager due to missing... Critical Unreviewed

CVE-2025-9152 was published Oct 16, 2025

An improper access control vulnerability exists in multiple WSO2 products due to insufficient... Critical Unreviewed

CVE-2025-9804 was published Oct 16, 2025

Due to an insufficient access control implementation in multiple WSO2 Products, authentication... Critical Unreviewed

CVE-2025-10611 was published Oct 16, 2025

Previous1…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

23,718 advisories