GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
26,858 advisories
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the...
Critical | Unreviewed | CVE-2025-54143 was published Aug 19, 2025
The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a...
Critical | Unreviewed | CVE-2025-54145 was published Aug 19, 2025
Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start...
Critical | Unreviewed | CVE-2025-8042 was published Aug 19, 2025
An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda...
Critical | Unreviewed | CVE-2025-27129 was published Aug 20, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi...
Critical | Unreviewed | CVE-2025-54713 was published Aug 20, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-54726 was published Aug 20, 2025
Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP allows Privilege...
Critical | Unreviewed | CVE-2025-54049 was published Aug 20, 2025
Deserialization of Untrusted Data vulnerability in ThemeMakers ThemeMakers Visual Content...
Critical | Unreviewed | CVE-2025-53299 was published Aug 20, 2025
Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro allows...
Critical | Unreviewed | CVE-2025-53580 was published Aug 20, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-54048 was published Aug 20, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in thehp Global DNS...
Critical | Unreviewed | CVE-2025-53577 was published Aug 20, 2025
Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical...
Critical | Unreviewed | CVE-2025-54014 was published Aug 20, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine...
Critical | Unreviewed | CVE-2025-48169 was published Aug 20, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ReachShip...
Critical | Unreviewed | CVE-2025-53213 was published Aug 20, 2025
Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect allows Cross...
Critical | Unreviewed | CVE-2025-49381 was published Aug 20, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for...
Critical | Unreviewed | CVE-2025-48148 was published Aug 20, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking &...
Critical | Unreviewed | CVE-2025-54677 was published Aug 20, 2025
Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack...
Critical | Unreviewed | CVE-2024-12223 was published Aug 20, 2025
A Path Traversal vulnerability in AllSky v2023.05.01_04 allows an unauthenticated attacker to...
Critical | Unreviewed | CVE-2024-44373 was published Aug 19, 2025
screenshot-desktop vulnerable to command Injection via `format` option
Critical | CVE-2025-55294 was published for screenshot-desktop (npm) Aug 19, 2025
Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to...
Critical | Unreviewed | CVE-2020-13117 was published May 24, 2022
Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function,...
Critical | Unreviewed | CVE-2025-50567 was published Aug 19, 2025
The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to...
Critical | Unreviewed | CVE-2025-6758 was published Aug 19, 2025
The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to...
Critical | Unreviewed | CVE-2025-8723 was published Aug 19, 2025
The Sante PACS Server Web Portal sends credential information without encryption.
Critical | Unreviewed | CVE-2025-54156 was published Aug 19, 2025
ProTip! Advisories are also available from the GraphQL API.