Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

144,533 advisories

Loading
A security vulnerability has been detected in Edimax BR-6478AC V3 1.0.15. This issue affects the... Moderate Unreviewed
CVE-2025-14092 was published Dec 5, 2025
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local... Moderate Unreviewed
CVE-2025-64052 was published Dec 5, 2025
Envoy's TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte Moderate
CVE-2025-66220 was published for github.com/envoyproxy/envoy (Go) Dec 5, 2025
botengyao phlax
ggreenway yanavlasov agrawroh
Credited to botengyao, phlax, ggreenway, yanavlasov, and agrawroh
Envoy crashes when JWT authentication is configured with the remote JWKS fetching Moderate
CVE-2025-64527 was published for github.com/envoyproxy/envoy (Go) Dec 5, 2025
botengyao phlax
agrawroh yanavlasov
Credited to botengyao, phlax, agrawroh, and yanavlasov
A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is an unknown function... Moderate Unreviewed
CVE-2025-14086 was published Dec 5, 2025
A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an... Moderate Unreviewed
CVE-2025-14088 was published Dec 5, 2025
NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a... Moderate Unreviewed
CVE-2025-6966 was published Dec 5, 2025
A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown... Moderate Unreviewed
CVE-2025-14085 was published Dec 5, 2025
The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized... Moderate Unreviewed
CVE-2025-12876 was published Dec 5, 2025
The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ... Moderate Unreviewed
CVE-2025-13739 was published Dec 5, 2025
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to missing... Moderate Unreviewed
CVE-2025-13620 was published Dec 5, 2025
The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2025-13678 was published Dec 5, 2025
The Trail Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin... Moderate Unreviewed
CVE-2025-13682 was published Dec 5, 2025
mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users... Moderate Unreviewed
CVE-2025-66200 was published Dec 5, 2025
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server... Moderate Unreviewed
CVE-2025-65082 was published Dec 5, 2025
The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version... Moderate Unreviewed
CVE-2025-13684 was published Dec 5, 2025
The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a... Moderate Unreviewed
CVE-2025-12093 was published Dec 5, 2025
The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for... Moderate Unreviewed
CVE-2025-12130 was published Dec 5, 2025
The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin... Moderate Unreviewed
CVE-2025-12186 was published Dec 5, 2025
The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a... Moderate Unreviewed
CVE-2025-12355 was published Dec 5, 2025
The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress... Moderate Unreviewed
CVE-2025-12373 was published Dec 5, 2025
The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due... Moderate Unreviewed
CVE-2025-12354 was published Dec 5, 2025
The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-13515 was published Dec 5, 2025
In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to... Moderate Unreviewed
CVE-2025-32900 was published Dec 5, 2025
The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the... Moderate Unreviewed
CVE-2025-13623 was published Dec 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database