GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,466
Erlang: 33
GitHub Actions: 23
Go: 2,166
Maven: 5,000+
npm: 3,830
NuGet: 696
pip: 3,507
Pub: 12
RubyGems: 909
Rust: 904
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
24,844 advisories

A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash...
Critical · Unreviewed · CVE-2025-2345 was published Mar 16, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical · Unreviewed · CVE-2025-26875 was published Mar 16, 2025

The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and...
Critical · Unreviewed · CVE-2025-1771 was published Mar 15, 2025

Qiskit allows arbitrary code execution decoding QPY format versions < 13
Critical · CVE-2025-2000 was published for qiskit (pip) Mar 14, 2025

Flowise allows arbitrary file write to RCE
Critical · GHSA-8vvx-qvq9-5948 was published for flowise (npm) Mar 14, 2025

xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment
Critical · CVE-2025-29775 was published for xml-crypto (npm) Mar 14, 2025

xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
Critical · CVE-2025-29774 was published for xml-crypto (npm) Mar 14, 2025

Duplicate Advisory: Qiskit allows arbitrary code execution decoding QPY format versions < 13
Critical · GHSA-3pwp-2fqj-6g2p was published for qiskit (pip) Mar 14, 2025 · withdrawn

The device uses a weak hashing algorithm to create the password hash. Hence, a matching password...
Critical · Unreviewed · CVE-2025-27595 was published Mar 14, 2025

The product can be used to distribute malicious code using SDD Device Drivers due to missing...
Critical · Unreviewed · CVE-2025-27593 was published Mar 14, 2025

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS
When a user wishes to...
Critical · Unreviewed · CVE-2025-2304 was published Mar 14, 2025

The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is...
Critical · Unreviewed · CVE-2025-2232 was published Mar 14, 2025

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable...
Critical · Unreviewed · CVE-2024-13771 was published Mar 14, 2025

The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object...
Critical · Unreviewed · CVE-2024-13824 was published Mar 14, 2025

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in...
Critical · Unreviewed · CVE-2024-11284 was published Mar 14, 2025

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to,...
Critical · Unreviewed · CVE-2024-11286 was published Mar 14, 2025

The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in...
Critical · Unreviewed · CVE-2024-11285 was published Mar 14, 2025

Flowise Pre-auth Arbitrary File Upload
Critical · GHSA-h42x-xx2q-6v6g was published for flowise (npm) Mar 13, 2025

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1...
Critical · Unreviewed · CVE-2025-2080 was published Mar 13, 2025

During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is...
Critical · Unreviewed · CVE-2025-2263 was published Mar 13, 2025

cheqd-node Security patch for upstream vulnerabilities in IBC-Go (ISA-2025-001) and Cosmos SDK (ISA-2025-002)
Critical · GHSA-h2rp-8vpx-q9r4 was published for github.com/cheqd/cheqd-node (Go) Mar 13, 2025

omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue
Critical · GHSA-hw46-3hmr-x9xv was published for omniauth-saml (RubyGems) Mar 12, 2025

IBC-Go: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt
Critical · GHSA-4wf3-5qj9-368v was published for github.com/cosmos/ibc-go (Go) Mar 12, 2025

graphql allows remote code execution when loading a crafted GraphQL schema
Critical · CVE-2025-27407 was published for graphql (RubyGems) Mar 12, 2025

CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could...
Critical · Unreviewed · CVE-2025-1960 was published Mar 12, 2025

ProTip! Advisories are also available from the GraphQL API.