Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,950
Erlang
39
GitHub Actions
38
Go
2,605
Maven
5,000+
npm
4,250
NuGet
756
pip
4,016
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

7,141 advisories

Loading
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-11735 was published Oct 28, 2025
pg8000 SQL injection vulnerability via a specially crafted Python list input High
CVE-2025-61385 was published for pg8000 (pip) Oct 27, 2025
indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password... High Unreviewed
CVE-2025-61247 was published Oct 27, 2025
LangGraph's SQLite store implementation has a SQL Injection Vulnerability High
CVE-2025-8709 was published for langgraph-checkpoint-sqlite (pip) Oct 26, 2025
The wpForo Forum plugin for WordPress is vulnerable to error‐based or time-based SQL Injection... High Unreviewed
CVE-2025-4203 was published Oct 25, 2025
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More... High Unreviewed
CVE-2025-11893 was published Oct 25, 2025
The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection via the ... High Unreviewed
CVE-2025-8416 was published Oct 25, 2025
The Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions... High Unreviewed
CVE-2025-9322 was published Oct 25, 2025
Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality High
CVE-2025-62617 was published for admidio/admidio (Composer) Oct 22, 2025
XY20130630
Credited to XY20130630
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-62015 was published Oct 22, 2025
SQL injection vulnerability in the fields of warehouse document filtering form in SIMPLE.ERP... High Unreviewed
CVE-2025-9339 was published Oct 21, 2025
Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL... High Unreviewed
CVE-2025-9428 was published Oct 21, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-62658 was published Oct 20, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-47902 was published Oct 20, 2025
The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-11691 was published Oct 18, 2025
The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all... High Unreviewed
CVE-2025-10743 was published Oct 15, 2025
The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in... High Unreviewed
CVE-2025-11177 was published Oct 15, 2025
The Dynamically Display Posts plugin for WordPress is vulnerable to SQL Injection via the ... High Unreviewed
CVE-2025-11501 was published Oct 15, 2025
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft... High Unreviewed
CVE-2025-59213 was published Oct 14, 2025
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications... High Unreviewed
CVE-2025-40755 was published Oct 14, 2025
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce... High Unreviewed
CVE-2025-10862 was published Oct 9, 2025
ProjectWorlds Gym Management System1.0 is vulnerable to SQL Injection via the "id" parameter in... High Unreviewed
CVE-2025-60311 was published Oct 8, 2025
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login... High Unreviewed
CVE-2025-11204 was published Oct 8, 2025
A SQL Injection vulnerability was discovered in the Alert functionality due to improper... High Unreviewed
CVE-2025-40886 was published Oct 7, 2025
The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter... High Unreviewed
CVE-2025-10692 was published Oct 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database