Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

103,266 advisories

Loading
Cross-Site Request Forgery (CSRF) vulnerability in OffClicks Invisible Optin allows Stored XSS.... High Unreviewed
CVE-2025-48311 was published Aug 28, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Gary Illyes Google XML News Sitemap plugin... High Unreviewed
CVE-2025-48304 was published Aug 28, 2025
Cross-Site Request Forgery (CSRF) vulnerability in developers savyour Savyour Affiliate Partner... High Unreviewed
CVE-2025-48306 was published Aug 28, 2025
Cross-Site Request Forgery (CSRF) vulnerability in shmish111 WP Admin Theme allows Stored XSS.... High Unreviewed
CVE-2025-48325 was published Aug 28, 2025
Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 allows Stored XSS. This... High Unreviewed
CVE-2025-48320 was published Aug 28, 2025
Cross-Site Request Forgery (CSRF) vulnerability in dyiosah Ultimate twitter profile widget allows... High Unreviewed
CVE-2025-48321 was published Aug 28, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Aaron Axelsen WPMU Ldap Authentication allows... High Unreviewed
CVE-2025-48343 was published Aug 28, 2025
Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0... High Unreviewed
CVE-2025-46409 was published Aug 28, 2025
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in... High Unreviewed
CVE-2025-58072 was published Aug 28, 2025
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in... High Unreviewed
CVE-2025-54819 was published Aug 28, 2025
Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 and earlier (Media version:16... High Unreviewed
CVE-2025-58081 was published Aug 28, 2025
Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and... High Unreviewed
CVE-2025-53396 was published Aug 28, 2025
NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges... High Unreviewed
CVE-2025-58322 was published Aug 28, 2025
Local privilege escalation due to improper soft link handling. The following products are... High Unreviewed
CVE-2025-48963 was published Aug 28, 2025
The Xagio SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed
CVE-2024-13807 was published Aug 28, 2025
IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain... High Unreviewed
CVE-2025-36003 was published Aug 28, 2025
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-7812 was published Aug 28, 2025
An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows... High Unreviewed
CVE-2025-34520 was published Aug 28, 2025
Sangfor Behavior Management System (also referred to as DC Management System in Chinese-language... High Unreviewed
CVE-2023-7307 was published Aug 28, 2025
SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON... High Unreviewed
CVE-2024-13982 was published Aug 28, 2025
SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information... High Unreviewed
CVE-2023-7308 was published Aug 28, 2025
In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in... High Unreviewed
CVE-2025-55618 was published Aug 27, 2025
D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch... High Unreviewed
CVE-2025-55582 was published Aug 27, 2025
O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the... High Unreviewed
CVE-2024-37777 was published Aug 27, 2025
If a DHCPv4 client sends a request with some specific options, and Kea fails to find an... High Unreviewed
CVE-2025-40779 was published Aug 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database