GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,464
Erlang: 33
GitHub Actions: 22
Go: 2,163
Maven: 5,000+
npm: 3,821
NuGet: 696
pip: 3,502
Pub: 12
RubyGems: 909
Rust: 904
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
269,175 advisories
The CC-IMG-Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2025-1559 was published Mar 13, 2025

The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'text'...
High | Unreviewed | CVE-2025-2106 was published Mar 13, 2025

The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'id'...
High | Unreviewed | CVE-2025-2107 was published Mar 13, 2025

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized...
Moderate | Unreviewed | CVE-2024-13703 was published Mar 13, 2025

HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
Moderate | CVE-2025-22870 was published for golang.org/x/net (Go), Mar 12, 2025

Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite
Moderate | CVE-2025-27794 was published for flarum/core (Composer), Mar 12, 2025

A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS...
High | Unreviewed | CVE-2025-0114 was published Mar 12, 2025

A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker...
Moderate | Unreviewed | CVE-2025-0118 was published Mar 12, 2025

Improper Input Validation vulnerability in Avid Avid NEXIS E-series on Linux, Avid Avid NEXIS F...
High | Unreviewed | CVE-2024-26290 was published Mar 12, 2025

A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the...
Moderate | Unreviewed | CVE-2025-0115 was published Mar 12, 2025

A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall...
Moderate | Unreviewed | CVE-2025-0116 was published Mar 12, 2025

An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the...
Unknown | Unreviewed | CVE-2025-25975 was published Mar 12, 2025

A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices...
High | Unreviewed | CVE-2025-0117 was published Mar 12, 2025

Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
High | CVE-2025-25292 was published for ruby-saml (RubyGems), Mar 12, 2025

Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)
High | CVE-2025-25291 was published for ruby-saml (RubyGems), Mar 12, 2025

Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses
High | CVE-2025-25293 was published for ruby-saml (RubyGems), Mar 12, 2025

omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue
Critical | GHSA-hw46-3hmr-x9xv was published for omniauth-saml (RubyGems), Mar 12, 2025

IBC-Go: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt
Critical | GHSA-4wf3-5qj9-368v was published for github.com/cosmos/ibc-go (Go), Mar 12, 2025

Cosmos SDK: x/group can halt when erroring in EndBlocker
High | GHSA-47ww-ff84-4jrg was published for github.com/cosmos/cosmos-sdk (Go), Mar 12, 2025

graphql allows remote code execution when loading a crafted GraphQL schema
Critical | CVE-2025-27407 was published for graphql (RubyGems), Mar 12, 2025

SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the...
Unknown | Unreviewed | CVE-2025-25567 was published Mar 12, 2025

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local...
Moderate | Unreviewed | CVE-2025-20177 was published Mar 12, 2025

A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software...
High | Unreviewed | CVE-2025-20209 was published Mar 12, 2025

CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause...
Moderate | Unreviewed | CVE-2025-2002 was published Mar 12, 2025

An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via...
High | Unreviewed | CVE-2025-25711 was published Mar 12, 2025
ProTip! Advisories are also available from the GraphQL API