GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
26,868 advisories
XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax
Critical | CVE-2025-53835 was published for org.xwiki.rendering:xwiki-rendering-syntax-xhtml (Maven) | Jul 14, 2025

LaRecipe is vulnerable to Server-Side Template Injection attacks
Critical | CVE-2025-53833 was published for binarytorch/larecipe (Composer) | Jul 14, 2025

Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class
Critical | CVE-2025-53623 was published for job-iteration (RubyGems) | Jul 14, 2025

Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the...
Critical | Unreviewed | CVE-2025-50756 was published | Jul 14, 2025

The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing...
Critical | Unreviewed | CVE-2025-7451 was published | Jul 14, 2025

The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up...
Critical | Unreviewed | CVE-2020-36847 was published | Jul 12, 2025

The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical | Unreviewed | CVE-2020-36849 was published | Jul 12, 2025

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
Critical | Unreviewed | CVE-2025-6058 was published | Jul 12, 2025

A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an...
Critical | Unreviewed | CVE-2023-38036 was published | Jul 12, 2025

A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent...
Critical | Unreviewed | CVE-2024-38648 was published | Jul 12, 2025

An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet...
Critical | Unreviewed | CVE-2025-7503 was published | Jul 11, 2025

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'...
Critical | Unreviewed | CVE-2025-50121 was published | Jul 11, 2025

The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to...
Critical | Unreviewed | CVE-2025-5392 was published | Jul 11, 2025

The Premium Age Verification / Restriction for WordPress plugin for WordPress is vulnerable to...
Critical | Unreviewed | CVE-2025-7401 was published | Jul 11, 2025

The communication protocol used between client and server had a flaw that could lead to an...
Critical | Unreviewed | CVE-2025-30023 was published | Jul 11, 2025

Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive...
Critical | Unreviewed | CVE-2025-52579 was published | Jul 11, 2025

An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically...
Critical | Unreviewed | CVE-2025-34095 was published | Jul 10, 2025

An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4...
Critical | Unreviewed | CVE-2025-34101 was published | Jul 10, 2025

The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability...
Critical | Unreviewed | CVE-2025-2523 was published | Jul 10, 2025

A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2....
Critical | Unreviewed | CVE-2025-34096 was published | Jul 10, 2025

A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009)...
Critical | Unreviewed | CVE-2025-34102 was published | Jul 10, 2025

An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of...
Critical | Unreviewed | CVE-2025-34100 was published | Jul 10, 2025

An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2...
Critical | Unreviewed | CVE-2025-34099 was published | Jul 10, 2025

In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes,...
Critical | Unreviewed | CVE-2025-47812 was published | Jul 10, 2025

In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control...
Critical | Unreviewed | CVE-2025-23048 was published | Jul 10, 2025

ProTip! Advisories are also available from the GraphQL API