Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

25,821 advisories

Loading
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed
CVE-2025-47586 was published Jun 6, 2025
A missing authentication for critical function vulnerability in the client application of Soar... Critical Unreviewed
CVE-2025-5192 was published Jun 6, 2025
An unrestricted upload of file with dangerous type vulnerability in the upload file function of... Critical Unreviewed
CVE-2025-48782 was published Jun 6, 2025
A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD... Critical Unreviewed
CVE-2025-48780 was published Jun 6, 2025
A missing protection against path traversal allows to access any file on the server. Critical Unreviewed
CVE-2025-3365 was published Jun 6, 2025
The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing... Critical Unreviewed
CVE-2025-5486 was published Jun 6, 2025
An improper neutralization of inputs used in expression language allows remote code execution... Critical Unreviewed
CVE-2025-3322 was published Jun 6, 2025
A predefined administrative account is not documented and cannot be deactivated. This account... Critical Unreviewed
CVE-2025-3321 was published Jun 6, 2025
Auth0 Symfony SDK Deserialization of Untrusted Data vulnerability Critical
GHSA-98j6-67v3-mw34 was published for auth0/symfony (Composer) Jun 6, 2025
Exposure of sensitive information to an unauthorized actor in Power Automate allows an... Critical Unreviewed
CVE-2025-47966 was published Jun 5, 2025
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL... Critical Unreviewed
CVE-2024-3549 was published Jun 11, 2024
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing... Critical Unreviewed
CVE-2024-3729 was published May 2, 2024
An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at... Critical Unreviewed
CVE-2024-22108 was published Feb 2, 2024
An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job... Critical Unreviewed
CVE-2025-29813 was published May 9, 2025
Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges... Critical Unreviewed
CVE-2025-29827 was published May 9, 2025
Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component ... Critical Unreviewed
CVE-2024-48072 was published Nov 19, 2024
A remote code execution (RCE) vulnerability in the component /inventory/doCptimpoptInventory of... Critical Unreviewed
CVE-2024-48069 was published Nov 19, 2024
Weaver Ecology v9* was discovered to contain a SQL injection vulnerability. Critical Unreviewed
CVE-2024-48070 was published Nov 19, 2024
Remote code execution Critical Unreviewed
CVE-2022-42541 was published Nov 30, 2023
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via... Critical Unreviewed
CVE-2023-45481 was published Nov 29, 2023
The Simple Video Directory WordPress plugin before 1.4.3 does not properly sanitise and escape a... Critical Unreviewed
CVE-2024-6809 was published May 15, 2025
The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that... Critical Unreviewed
CVE-2025-5701 was published Jun 5, 2025
Improper neutralization of input provided by an unauthorized user into changes__reference_id... Critical Unreviewed
CVE-2025-4568 was published Jun 5, 2025
Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection... Critical Unreviewed
CVE-2025-1793 was published Jun 5, 2025
A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This... Critical Unreviewed
CVE-2025-5630 was published Jun 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database