Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,868 advisories

Loading
File contents could be read from the local file system by an attacker. Additionally, malicious... Critical Unreviewed
CVE-2025-24937 was published Jul 21, 2025
The web application allows user input to pass unfiltered to a command executed on the underlying... Critical Unreviewed
CVE-2025-24936 was published Jul 21, 2025
WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability,... Critical Unreviewed
CVE-2025-7918 was published Jul 21, 2025
WinMatrix3 developed by Simopro Technology has an Insecure Deserialization vulnerability,... Critical Unreviewed
CVE-2025-7916 was published Jul 21, 2025
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an... Critical Unreviewed
CVE-2025-53770 was published Jul 20, 2025
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2015-10135 was published Jul 19, 2025
The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed
CVE-2012-10019 was published Jul 19, 2025
The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2016-15043 was published Jul 19, 2025
The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2015-10138 was published Jul 19, 2025
An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud... Critical Unreviewed
CVE-2025-29757 was published Jul 19, 2025
The Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for... Critical Unreviewed
CVE-2025-7697 was published Jul 19, 2025
The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for... Critical Unreviewed
CVE-2025-7696 was published Jul 19, 2025
A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and... Critical Unreviewed
CVE-2025-7395 was published Jul 19, 2025
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used,... Critical Unreviewed
CVE-2025-54309 was published Jul 18, 2025
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker... Critical Unreviewed
CVE-2025-47158 was published Jul 18, 2025
Improper authorization in Azure Machine Learning allows an authorized attacker to elevate... Critical Unreviewed
CVE-2025-49746 was published Jul 18, 2025
Missing authorization in Azure Machine Learning allows an authorized attacker to elevate... Critical Unreviewed
CVE-2025-49747 was published Jul 18, 2025
simogeo/filemanager arbitrary file upload vulnerability Critical
CVE-2025-46001 was published for simogeo/filemanager (Composer) Jul 18, 2025
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up... Critical Unreviewed
CVE-2025-7444 was published Jul 18, 2025
A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to... Critical Unreviewed
CVE-2025-26855 was published Jul 18, 2025
A SQL injection in Articles Good Search extension 1.0.0 - 1.2.4.0011 for Joomla allows attackers... Critical Unreviewed
CVE-2025-26854 was published Jul 18, 2025
The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to... Critical Unreviewed
CVE-2025-7643 was published Jul 18, 2025
The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User... Critical Unreviewed
CVE-2025-6222 was published Jul 18, 2025
GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying... Critical Unreviewed
CVE-2025-53964 was published Jul 17, 2025
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to... Critical Unreviewed
CVE-2025-23266 was published Jul 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database