GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,746
Maven: 5,000+
npm: 4,350
NuGet: 765
pip: 4,114
Pub: 12
RubyGems: 960
Rust: 1,069
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
27,750 advisories
The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2025-14344 was published Dec 12, 2025
The LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart plugin for... Critical Unreviewed
CVE-2025-12963 was published Dec 12, 2025
CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view... Critical Unreviewed
CVE-2024-58307 was published Dec 12, 2025
Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to... Critical Unreviewed
CVE-2024-58308 was published Dec 12, 2025
Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections... Critical Unreviewed
CVE-2024-58290 was published Dec 12, 2025
dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject... Critical Unreviewed
CVE-2024-58286 was published Dec 12, 2025
Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability... Critical Unreviewed
CVE-2024-58298 was published Dec 12, 2025
Purei CMS 1.0 contains a time-based blind SQL injection vulnerability that allows attackers to... Critical Unreviewed
CVE-2024-58301 was published Dec 12, 2025
pgadmin4 has a Meta-Command Filter Command Execution Critical
CVE-2025-13780 was published for pgadmin4 (pip) Dec 11, 2025
An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6... Critical Unreviewed
CVE-2025-65473 was published Dec 11, 2025
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of... Critical Unreviewed
CVE-2025-66048 was published Dec 11, 2025
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of... Critical Unreviewed
CVE-2025-66043 was published Dec 11, 2025
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of... Critical Unreviewed
CVE-2025-66047 was published Dec 11, 2025
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of... Critical Unreviewed
CVE-2025-66045 was published Dec 11, 2025
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of... Critical Unreviewed
CVE-2025-66044 was published Dec 11, 2025
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of... Critical Unreviewed
CVE-2025-66046 was published Dec 11, 2025
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within... Critical Unreviewed
CVE-2025-14265 was published Dec 11, 2025
The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to... Critical Unreviewed
CVE-2025-13764 was published Dec 11, 2025
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025... Critical Unreviewed
CVE-2025-65294 was published Dec 11, 2025
The mobile application was found to contain stored credentials for the network it was developed... Critical Unreviewed
CVE-2025-65826 was published Dec 10, 2025
The mobile application is configured to allow clear text traffic to all domains and communicates... Critical Unreviewed
CVE-2025-65827 was published Dec 10, 2025
The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for... Critical Unreviewed
CVE-2025-65823 was published Dec 10, 2025
Due to a lack of certificate validation, all traffic from the mobile application can be... Critical Unreviewed
CVE-2025-65830 was published Dec 10, 2025
An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can... Critical Unreviewed
CVE-2025-65820 was published Dec 10, 2025
Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation... Critical Unreviewed
CVE-2020-36892 was published Dec 10, 2025
ProTip! Advisories are also available from the GraphQL API