GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,746
Maven: 5,000+
npm: 4,350
NuGet: 765
pip: 4,114
Pub: 12
RubyGems: 960
Rust: 1,069
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
115,407 advisories
Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up High
GHSA-5j59-xgg2-r9c4 was published for next (npm) Dec 12, 2025
Vite Plugin React has a Denial of Service Vulnerability in React Server Components High
GHSA-cpqf-f22c-r95x was published for @vitejs/plugin-rsc (npm) Dec 12, 2025
Denial of Service Vulnerability in React Server Components High
CVE-2025-67779 was published for react-server-dom-parcel (npm) Dec 12, 2025
APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient... High Unreviewed
CVE-2025-58770 was published Dec 12, 2025
Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services... High Unreviewed
CVE-2025-13506 was published Dec 12, 2025
SolarEdge SE3680H ships with an outdated Linux kernel containing unpatched vulnerabilities in... High Unreviewed
CVE-2025-36745 was published Dec 12, 2025
SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors,... High Unreviewed
CVE-2025-36743 was published Dec 12, 2025
Weak Password Requirements vulnerability in Apache Fineract. This issue affects Apache Fineract:... High Unreviewed
CVE-2025-23408 was published Dec 12, 2025
Apache HugeGraph-Server: RAFT and deserialization vulnerability High
CVE-2025-26866 was published for org.apache.hugegraph:hg-pd-core (Maven) Dec 12, 2025
The Fancy Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... High Unreviewed
CVE-2025-12570 was published Dec 12, 2025
A vulnerability has been identified in Simcenter Femap (All versions < V2512). The affected... High Unreviewed
CVE-2025-40829 was published Dec 12, 2025
The WPNakama plugin for WordPress is vulnerable to time-based SQL Injection via the 'order_by'... High Unreviewed
CVE-2025-14068 was published Dec 12, 2025
The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-14169 was published Dec 12, 2025
The Visitor Logic Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions... High Unreviewed
CVE-2025-14044 was published Dec 12, 2025
The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2025-12968 was published Dec 12, 2025
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and... High Unreviewed
CVE-2025-13334 was published Dec 12, 2025
The Player Leaderboard plugin for WordPress is vulnerable to Local File Inclusion in all versions... High Unreviewed
CVE-2025-12824 was published Dec 12, 2025
The LT Unleashed plugin for WordPress is vulnerable to Local File Inclusion in all versions up to... High Unreviewed
CVE-2025-13886 was published Dec 12, 2025
When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS... High Unreviewed
CVE-2025-13053 was published Dec 12, 2025
Unchecked output buffer may allow arbitrary code execution in SMM and potentially result in SMM... High Unreviewed
CVE-2025-10451 was published Dec 12, 2025
When the user set the Notification's sender to send emails to the SMTP server via msmtp, an... High Unreviewed
CVE-2025-13052 was published Dec 12, 2025
APC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated... High Unreviewed
CVE-2024-58310 was published Dec 12, 2025
xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote... High Unreviewed
CVE-2024-58309 was published Dec 12, 2025
xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to... High Unreviewed
CVE-2024-58312 was published Dec 12, 2025
minaliC 2.0.0 contains a denial of service vulnerability that allows remote attackers to crash... High Unreviewed
CVE-2024-58306 was published Dec 12, 2025
ProTip! Advisories are also available from the GraphQL API