GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,717
Maven: 5,000+
npm: 4,328
NuGet: 761
pip: 4,105
Pub: 12
RubyGems: 958
Rust: 1,065
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
24,124 advisories
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical | Unreviewed | CVE-2025-12673 was published Dec 6, 2025
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account...
Critical | Unreviewed | CVE-2025-34291 was published Dec 6, 2025
ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution...
Critical | Unreviewed | CVE-2020-36877 was published Dec 5, 2025
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key...
Critical | Unreviewed | CVE-2025-34256 was published Dec 5, 2025
The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login ...
Critical | Unreviewed | CVE-2025-12374 was published Dec 5, 2025
The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset...
Critical | Unreviewed | CVE-2025-13313 was published Dec 5, 2025
UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in...
Critical | Unreviewed | CVE-2025-66571 was published Dec 4, 2025
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an...
Critical | Unreviewed | CVE-2025-53963 was published Dec 4, 2025
The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are...
Critical | Unreviewed | CVE-2025-54303 was published Dec 4, 2025
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are...
Critical | Unreviewed | CVE-2025-54304 was published Dec 4, 2025
Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation...
Critical | Unreviewed | CVE-2024-45538 was published Dec 4, 2025
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local...
Critical | Unreviewed | CVE-2025-64055 was published Dec 3, 2025
XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial...
Critical | Unreviewed | CVE-2025-65868 was published Dec 3, 2025
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8...
Critical | Unreviewed | CVE-2025-34319 was published Dec 3, 2025
In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar...
Critical | Unreviewed | CVE-2025-65267 was published Dec 3, 2025
The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions...
Critical | Unreviewed | CVE-2025-13390 was published Dec 3, 2025
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification...
Critical | Unreviewed | CVE-2025-13342 was published Dec 3, 2025
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution...
Critical | Unreviewed | CVE-2025-13486 was published Dec 3, 2025
The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions...
Critical | Unreviewed | CVE-2025-13542 was published Dec 2, 2025
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute...
Critical | Unreviewed | CVE-2025-13658 was published Dec 2, 2025
The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without...
Critical | Unreviewed | CVE-2025-13510 was published Dec 2, 2025
code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the...
Critical | Unreviewed | CVE-2025-60736 was published Dec 2, 2025
In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not...
Critical | Unreviewed | CVE-2025-58386 was published Dec 2, 2025
dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend...
Critical | Unreviewed | CVE-2025-65656 was published Dec 2, 2025
Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQL injection vulnerability via...
Critical | Unreviewed | CVE-2025-65358 was published Dec 2, 2025
ProTip! Advisories are also available from the GraphQL API.