Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,748
Maven
5,000+
npm
4,351
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,750 advisories

Filter by severity
All severities
Low
Moderate
High
Critical
Loading
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23... Critical Unreviewed
CVE-2025-34329 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23... Critical Unreviewed
CVE-2025-34328 was published Nov 19, 2025
Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt... Critical Unreviewed
CVE-2025-25948 was published Mar 3, 2025
Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was... Critical Unreviewed
CVE-2025-25953 was published Mar 3, 2025
pgadmin4 has a Meta-Command Filter Command Execution Critical
CVE-2025-13780 was published for pgadmin4 (pip) Dec 11, 2025
zeropwnCycloctane
Credited to zeropwn and Cycloctane
Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values Critical
CVE-2025-66565 was published for github.com/gofiber/utils (Go) Dec 8, 2025
sixcolors
Credited to sixcolors
The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2025-14344 was published Dec 12, 2025
The LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart plugin for... Critical Unreviewed
CVE-2025-12963 was published Dec 12, 2025
Purei CMS 1.0 contains a time-based blind SQL injection vulnerability that allows attackers to... Critical Unreviewed
CVE-2024-58301 was published Dec 12, 2025
CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view... Critical Unreviewed
CVE-2024-58307 was published Dec 12, 2025
Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections... Critical Unreviewed
CVE-2024-58290 was published Dec 12, 2025
Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability... Critical Unreviewed
CVE-2024-58298 was published Dec 12, 2025
Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to... Critical Unreviewed
CVE-2024-58308 was published Dec 12, 2025
dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject... Critical Unreviewed
CVE-2024-58286 was published Dec 12, 2025
The mobile application is configured to allow clear text traffic to all domains and communicates... Critical Unreviewed
CVE-2025-65827 was published Dec 10, 2025
An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can... Critical Unreviewed
CVE-2025-65820 was published Dec 10, 2025
Due to a lack of certificate validation, all traffic from the mobile application can be... Critical Unreviewed
CVE-2025-65830 was published Dec 10, 2025
SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in... Critical Unreviewed
CVE-2025-63742 was published Dec 9, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed
CVE-2025-67529 was published Dec 9, 2025
The mobile application was found to contain stored credentials for the network it was developed... Critical Unreviewed
CVE-2025-65826 was published Dec 10, 2025
The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for... Critical Unreviewed
CVE-2025-65823 was published Dec 10, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed
CVE-2025-67515 was published Dec 9, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed
CVE-2025-67530 was published Dec 9, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed
CVE-2025-67531 was published Dec 9, 2025
An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade... Critical Unreviewed
CVE-2025-65882 was published Dec 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database