Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,766
Maven
5,000+
npm
4,371
NuGet
767
pip
4,144
Pub
12
RubyGems
962
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

116,047 advisories

Loading
A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of... High Unreviewed
CVE-2025-14995 was published Dec 21, 2025
A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the... High Unreviewed
CVE-2025-14994 was published Dec 21, 2025
The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form... High Unreviewed
CVE-2025-14855 was published Dec 21, 2025
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads... High Unreviewed
CVE-2025-14800 was published Dec 21, 2025
A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the... High Unreviewed
CVE-2025-14993 was published Dec 21, 2025
Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL... High Unreviewed
CVE-2025-68644 was published Dec 21, 2025
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-9343 was published Dec 21, 2025
A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the... High Unreviewed
CVE-2025-14992 was published Dec 21, 2025
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is... High Unreviewed
CVE-2025-12980 was published Dec 21, 2025
The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP... High Unreviewed
CVE-2025-14071 was published Dec 21, 2025
Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting... High Unreviewed
CVE-2023-25446 was published Dec 21, 2025
Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege... High Unreviewed
CVE-2025-34290 was published Dec 20, 2025
Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification High
GHSA-83jg-m2pm-4jxj was published for cowrie (pip) Dec 20, 2025
filippolauria
Credited to filippolauria
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized... High Unreviewed
CVE-2025-7782 was published Dec 20, 2025
The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An... High Unreviewed
CVE-2025-14300 was published Dec 20, 2025
The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can... High Unreviewed
CVE-2025-14299 was published Dec 20, 2025
A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An... High Unreviewed
CVE-2025-8065 was published Dec 20, 2025
External Control of File Name or Path in Langflow High
CVE-2025-68478 was published for langflow (pip) Dec 19, 2025
J1vvoo
Credited to J1vvoo
Langflow vulnerable to Server-Side Request Forgery High
CVE-2025-68477 was published for langflow (pip) Dec 19, 2025
im-soohyun
Credited to im-soohyun
AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate... High Unreviewed
CVE-2023-53949 was published Dec 19, 2025
BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in... High Unreviewed
CVE-2023-53945 was published Dec 19, 2025
Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated... High Unreviewed
CVE-2023-53952 was published Dec 19, 2025
OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local... High Unreviewed
CVE-2023-53947 was published Dec 19, 2025
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows... High Unreviewed
CVE-2023-53958 was published Dec 19, 2025
Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative... High Unreviewed
CVE-2023-53956 was published Dec 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database