GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+

111,583 advisories

An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices...
High, Unreviewed, CVE-2025-9961 was published Sep 6, 2025

The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to...
High, Unreviewed, CVE-2025-7040 was published Sep 6, 2025

The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
High, Unreviewed, CVE-2025-9515 was published Sep 6, 2025

ERP is a free and open source Enterprise Resource Planning tool. In versions below 14.89.2 and 15...
High, Unreviewed, CVE-2025-58439 was published Sep 6, 2025

The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is...
High, Unreviewed, CVE-2025-7366 was published Sep 6, 2025

Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker...
High, Unreviewed, CVE-2021-26383 was published Sep 6, 2025

Coder vulnerable to privilege escalation could lead to a cross workspace compromise
High, CVE-2025-58437 was published for github.com/coder/coder/v2 (Go) Sep 5, 2025

On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against...
High, Unreviewed, CVE-2025-9709 was published Sep 5, 2025

In System UI, there is a possible way to view other users' images due to a confused deputy. This...
High, Unreviewed, CVE-2025-32320 was published Sep 5, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High, Unreviewed, CVE-2025-58206 was published Sep 5, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High, Unreviewed, CVE-2025-58214 was published Sep 5, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High, Unreviewed, CVE-2025-57889 was published Sep 5, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed, CVE-2025-53307 was published Sep 5, 2025

In Skia, there is a possible out of bounds write due to a heap buffer overflow. This could lead...
High, Unreviewed, CVE-2025-32318 was published Sep 5, 2025

Cross-Site Request Forgery (CSRF) vulnerability in ericzane Floating Window Music Player allows...
High, Unreviewed, CVE-2025-48104 was published Sep 5, 2025

Path Traversal vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay allows...
High, Unreviewed, CVE-2025-48317 was published Sep 5, 2025

Some payload elements of the messages sent between two stations in a networking architecture are...
High, Unreviewed, CVE-2025-9999 was published Sep 5, 2025

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air...
High, Unreviewed, CVE-2025-30199 was published Sep 5, 2025

In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots...
High, Unreviewed, CVE-2025-26452 was published Sep 5, 2025

In AccessibilityServiceConnection.java, there is a possible background activity launch due to a...
High, Unreviewed, CVE-2025-26462 was published Sep 5, 2025

In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a...
High, Unreviewed, CVE-2025-26435 was published Sep 5, 2025

In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without...
High, Unreviewed, CVE-2025-26443 was published Sep 5, 2025

In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the...
High, Unreviewed, CVE-2025-26444 was published Sep 5, 2025

In multiple functions of LocationProviderManager.java, there is a possible background activity...
High, Unreviewed, CVE-2025-26458 was published Sep 5, 2025

In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app...
High, Unreviewed, CVE-2025-26450 was published Sep 5, 2025

ProTip! Advisories are also available from the GraphQL API