GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,766
Maven: 5,000+
npm: 4,371
NuGet: 767
pip: 4,144
Pub: 12
RubyGems: 962
Rust: 1,070
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
27,854 advisories
The Flex Store Users plugin for WordPress is vulnerable to Privilege Escalation in all versions...
Critical | Unreviewed | CVE-2025-13619 was published Dec 20, 2025
The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads...
Critical | Unreviewed | CVE-2025-13329 was published Dec 20, 2025
Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the...
Critical | Unreviewed | CVE-2023-53948 was published Dec 19, 2025
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows...
Critical | Unreviewed | CVE-2023-53950 was published Dec 19, 2025
Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit...
Critical | Unreviewed | CVE-2023-53951 was published Dec 19, 2025
A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affects the function...
Critical | Unreviewed | CVE-2025-14964 was published Dec 19, 2025
Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could...
Critical | Unreviewed | CVE-2024-49587 was published Dec 19, 2025
An issue in GT Edge AI Platform Versions before v2.0.10-dev allows attackers to execute arbitrary...
Critical | Unreviewed | CVE-2025-63665 was published Dec 19, 2025
AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution...
Critical | Unreviewed | CVE-2025-34433 was published Dec 19, 2025
Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information...
Critical | Unreviewed | CVE-2025-1928 was published Dec 19, 2025
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated...
Critical | Unreviewed | CVE-2025-14733 was published Dec 19, 2025
Custom Question Answering Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2025-64663 was published Dec 19, 2025
Improper control of generation of code ('code injection') in Azure Container Apps allows an...
Critical | Unreviewed | CVE-2025-65037 was published Dec 19, 2025
Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate...
Critical | Unreviewed | CVE-2025-65041 was published Dec 19, 2025
Weblate is vulnerable to RCE through Git config file overwrite
Critical | CVE-2025-68398 was published for Weblate (pip) Dec 18, 2025
EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated...
Critical | Unreviewed | CVE-2023-53941 was published Dec 18, 2025
File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote...
Critical | Unreviewed | CVE-2023-53942 was published Dec 18, 2025
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker...
Critical | Unreviewed | CVE-2025-56157 was published Dec 18, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn...
Critical | Unreviewed | CVE-2025-64236 was published Dec 18, 2025
A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in...
Critical | Unreviewed | CVE-2025-63386 was published Dec 18, 2025
A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in...
Critical | Unreviewed | CVE-2025-63388 was published Dec 18, 2025
Ollama Platform has missing authentication enabling attackers to perform model management operations
Critical | CVE-2025-63389 was published for github.com/ollama/ollama (Go) Dec 18, 2025
IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2...
Critical | Unreviewed | CVE-2025-0165 was published Dec 18, 2025
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) due to lack of validation in...
Critical | Unreviewed | CVE-2025-65008 was published Dec 18, 2025
Use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 146...
Critical | Unreviewed | CVE-2025-14860 was published Dec 18, 2025
ProTip! Advisories are also available from the GraphQL API.