Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,965
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,695 advisories

Loading
The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and... High Unreviewed
CVE-2025-6990 was published Nov 1, 2025
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code... High Unreviewed
CVE-2025-10487 was published Nov 1, 2025
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated... High Unreviewed
CVE-2025-48984 was published Oct 31, 2025
Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where... Critical Unreviewed
CVE-2025-34277 was published Oct 31, 2025
An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker to execute arbitrary code... High Unreviewed
CVE-2025-61196 was published Oct 30, 2025
alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve... High Unreviewed
CVE-2025-56399 was published Oct 28, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in videowhisper Paid... Critical Unreviewed
CVE-2025-62959 was published Oct 27, 2025
The The Discussion Board – WordPress Forum Plugin plugin for WordPress is vulnerable to arbitrary... Moderate Unreviewed
CVE-2025-8483 was published Oct 25, 2025
A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4... High Unreviewed
CVE-2025-61136 was published Oct 23, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque... Critical Unreviewed
CVE-2025-62023 was published Oct 22, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone... High Unreviewed
CVE-2025-60206 was published Oct 22, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Sayan Datta WP Last... High Unreviewed
CVE-2025-52756 was published Oct 22, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Laborator Kalium... High Unreviewed
CVE-2025-49926 was published Oct 22, 2025
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept... Moderate Unreviewed
CVE-2025-8848 was published Oct 22, 2025
An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker... High Unreviewed
CVE-2025-61488 was published Oct 20, 2025
Duplicate Advisory: FlowiseAI Pre-Auth Arbitrary Code Execution Critical
GHSA-3g4j-r53p-22wx was published for flowise (npm) Oct 17, 2025 withdrawn
A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically... Critical Unreviewed
CVE-2025-57567 was published Oct 17, 2025
A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the... Moderate Unreviewed
CVE-2025-11905 was published Oct 17, 2025
bagisto has Server Side Template Injection (SSTI) in Product Description Moderate
CVE-2025-62416 was published for bagisto/bagisto (Composer) Oct 16, 2025
kiwi865
Credited to kiwi865
A remote, unauthenticated privilege escalation in ibi WebFOCUS allows an attacker to gain... Critical Unreviewed
CVE-2025-11548 was published Oct 14, 2025
An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in... Moderate Unreviewed
CVE-2025-31365 was published Oct 14, 2025
ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An... Critical Unreviewed
CVE-2025-46581 was published Oct 14, 2025
An low privileged remote attacker with an account for the Web-based management can change the... High Unreviewed
CVE-2025-41699 was published Oct 14, 2025
SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript... Moderate Unreviewed
CVE-2025-42901 was published Oct 14, 2025
Happy DOM: VM Context Escape can lead to Remote Code Execution Critical
CVE-2025-61927 was published for happy-dom (npm) Oct 10, 2025
Mas0nShi
Credited to Mas0nShi
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database