Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

137,193 advisories

Loading
An improper neutralization of special elements used in an OS command ('OS Command Injection')... Moderate Unreviewed
CVE-2024-45325 was published Sep 9, 2025
A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7... Moderate Unreviewed
CVE-2025-53609 was published Sep 9, 2025
A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc. so imported by... Moderate Unreviewed
CVE-2025-47416 was published Sep 9, 2025
copyparty: Sharing a single file does not fully restrict access to other files in source folder Moderate
CVE-2025-58753 was published for copyparty (pip) Sep 9, 2025
A SQL injection vulnerability has been identified in the SMPP server component of the SMSEagle... Moderate Unreviewed
CVE-2025-10095 was published Sep 9, 2025
TYPO3 CMS exposes sensitive information in an error message Moderate
CVE-2025-59016 was published for typo3/cms-core (Composer) Sep 9, 2025
TYPO3 backend modules have Broken Access Control Moderate
CVE-2025-59017 was published for typo3/cms-backend (Composer) Sep 9, 2025
TYPO3 CSV download feature information disclosure Moderate
CVE-2025-59019 was published for typo3/cms-backend (Composer) Sep 9, 2025
TYPO3 Bookmark Toolbar vulnerable to denial of service Moderate
CVE-2025-59014 was published for typo3/cms-backend (Composer) Sep 9, 2025
TYPO3 CMS has an open‑redirect vulnerability Moderate
CVE-2025-59013 was published for typo3/cms-core (Composer) Sep 9, 2025
TYPO3 CMS uses insufficient entropy when generating passwords Moderate
CVE-2025-59015 was published for typo3/cms-core (Composer) Sep 9, 2025
A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS... Moderate Unreviewed
CVE-2025-40594 was published Sep 9, 2025
A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC... Moderate Unreviewed
CVE-2025-40757 was published Sep 9, 2025
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in... Moderate Unreviewed
CVE-2025-9542 was published Sep 9, 2025
The Wilmer Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes... Moderate Unreviewed
CVE-2025-9061 was published Sep 9, 2025
The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of... Moderate Unreviewed
CVE-2025-9111 was published Sep 9, 2025
The Mikado Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes... Moderate Unreviewed
CVE-2025-9058 was published Sep 9, 2025
The The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode... Moderate Unreviewed
CVE-2025-9489 was published Sep 9, 2025
The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files,... Moderate Unreviewed
CVE-2025-8889 was published Sep 9, 2025
Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated... Moderate Unreviewed
CVE-2025-42923 was published Sep 9, 2025
Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP... Moderate Unreviewed
CVE-2025-42925 was published Sep 9, 2025
A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file... Moderate Unreviewed
CVE-2025-10122 was published Sep 9, 2025
Liferay Portal exposes 500 status when attempting login with a deleted client secret Moderate
CVE-2025-43777 was published for com.liferay:com.liferay.portal.security.sso.openid.connect.impl (Maven) Sep 9, 2025
SAP Business Planning and Consolidation allows an authenticated standard user to call a function... Moderate Unreviewed
CVE-2025-42930 was published Sep 9, 2025
SAP NetWeaver Application Server Java does not perform an authentication check when an attacker... Moderate Unreviewed
CVE-2025-42926 was published Sep 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database