Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,464
Erlang
33
GitHub Actions
22
Go
2,163
Maven
5,000+
npm
3,821
NuGet
696
pip
3,502
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

24,817 advisories

Loading
omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue Critical
GHSA-hw46-3hmr-x9xv was published for omniauth-saml (RubyGems) Mar 12, 2025
IBC-Go: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt Critical
GHSA-4wf3-5qj9-368v was published for github.com/cosmos/ibc-go (Go) Mar 12, 2025
graphql allows remote code execution when loading a crafted GraphQL schema Critical
CVE-2025-27407 was published for graphql (RubyGems) Mar 12, 2025
yvvdwf rmosolgo
joernchen adarshan-gl
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could... Critical Unreviewed
CVE-2025-1960 was published Mar 12, 2025
A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of... Critical Unreviewed
CVE-2024-13871 was published Mar 12, 2025
Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to... Critical Unreviewed
CVE-2024-13872 was published Mar 12, 2025
The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2024-13446 was published Mar 12, 2025
cheqd-node affected by Non-deterministic JSON Unmarshalling of IBC Acknowledgement Critical
GHSA-33cr-m232-xqch was published for github.com/cheqd/cheqd-node (Go) Mar 11, 2025
swelf19
Unrestricted Upload of File with Dangerous Type vulnerability in Theme Egg ThemeEgg ToolKit... Critical Unreviewed
CVE-2025-28915 was published Mar 11, 2025
An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service... Critical Unreviewed
CVE-2025-26701 was published Mar 11, 2025
AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication... Critical Unreviewed
CVE-2024-54085 was published Mar 11, 2025
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9),... Critical Unreviewed
CVE-2025-27493 was published Mar 11, 2025
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9),... Critical Unreviewed
CVE-2025-27494 was published Mar 11, 2025
A vulnerability has been identified in SINAMICS S200 (All versions with serial number beginning... Critical Unreviewed
CVE-2024-56336 was published Mar 11, 2025
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2025-1661 was published Mar 11, 2025
VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of... Critical Unreviewed
CVE-2025-25940 was published Mar 10, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed
CVE-2025-26916 was published Mar 10, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Fresh... Critical Unreviewed
CVE-2025-26936 was published Mar 10, 2025
PlotAI eval vulnerability Critical
CVE-2025-1497 was published for plotai (pip) Mar 10, 2025
The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to,... Critical Unreviewed
CVE-2025-0177 was published Mar 8, 2025
An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2024-42733 was published Mar 7, 2025
com.xwiki.confluencepro:application-confluence-migrator-pro-ui Remote Code Execution via unescaped translations Critical
CVE-2025-27603 was published for com.xwiki.confluencepro:application-confluence-migrator-pro-ui (Maven) Mar 7, 2025
The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2024-12876 was published Mar 7, 2025
The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in... Critical Unreviewed
CVE-2025-1315 was published Mar 7, 2025
A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting... Critical Unreviewed
CVE-2025-27816 was published Mar 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database