Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,645 advisories

Loading
An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to... Critical Unreviewed
CVE-2025-63525 was published Dec 1, 2025
Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to... Critical Unreviewed
CVE-2025-12106 was published Dec 1, 2025
By providing a command-line argument starting with a semi-colon ; to an API endpoint created by... Critical Unreviewed
CVE-2025-35028 was published Dec 1, 2025
The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in... Critical Unreviewed
CVE-2025-13615 was published Nov 30, 2025
UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to... Critical Unreviewed
CVE-2025-66385 was published Nov 28, 2025
Permission control vulnerability in the memory management module. Impact: Successful exploitation... Critical Unreviewed
CVE-2025-64314 was published Nov 28, 2025
Mattermost fails to to verify the token used during code exchange Critical
CVE-2025-12421 was published for github.com/mattermost/mattermost-server (Go) Nov 27, 2025
Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication Critical
CVE-2025-12419 was published for github.com/mattermost/mattermost-server (Go) Nov 27, 2025
Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool... Critical Unreviewed
CVE-2025-8890 was published Nov 27, 2025
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the... Critical Unreviewed
CVE-2025-12140 was published Nov 27, 2025
The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all... Critical Unreviewed
CVE-2025-13539 was published Nov 27, 2025
The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up... Critical Unreviewed
CVE-2025-13538 was published Nov 27, 2025
The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions... Critical Unreviewed
CVE-2025-13540 was published Nov 27, 2025
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and... Critical Unreviewed
CVE-2025-13675 was published Nov 27, 2025
Ray's New Token Authentication is Disabled By Default Critical
CVE-2025-34351 was published for ray (pip) Nov 27, 2025
The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to... Critical Unreviewed
CVE-2024-5539 was published Nov 27, 2025
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are... Critical Unreviewed
CVE-2025-40934 was published Nov 27, 2025
An unauthenticated administrative access vulnerability exists in the open-source HashTech project... Critical Unreviewed
CVE-2025-65276 was published Nov 26, 2025
An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from... Critical Unreviewed
CVE-2025-65669 was published Nov 26, 2025
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack Critical
CVE-2025-62593 was published for ray (pip) Nov 26, 2025
JLLeitschuh avilum
Credited to JLLeitschuh and avilum
Improper neutralization of special elements used in an OS command ('command injection') in Cursor... Critical Unreviewed
CVE-2025-62354 was published Nov 26, 2025
An OS command injection vulnerability exists due to insufficient sanitization of user-supplied... Critical Unreviewed
CVE-2025-64127 was published Nov 26, 2025
An OS command injection vulnerability exists due to incomplete validation of user-supplied input... Critical Unreviewed
CVE-2025-64128 was published Nov 26, 2025
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could... Critical Unreviewed
CVE-2025-64130 was published Nov 26, 2025
An OS command injection vulnerability exists due to improper input validation. The application... Critical Unreviewed
CVE-2025-64126 was published Nov 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database