GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,119
NuGet: 735
pip: 3,941
Pub: 12
RubyGems: 945
Rust: 1,018
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+

137,120 advisories

The Personizely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2025-3779 was published May 3, 2025

The VerticalResponse Newsletter Widget plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2025-4172 was published May 3, 2025

The Abundatrade Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-4199 was published May 3, 2025

The Subpage List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
Moderate | Unreviewed | CVE-2025-4168 was published May 3, 2025

The Alink Tap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
Moderate | Unreviewed | CVE-2025-4198 was published May 3, 2025

The Xavin's Review Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2025-4170 was published May 3, 2025

The Advanced Reorder Image Text Slider plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-4188 was published May 3, 2025

Froxlor vulnerable to Code Injection
Moderate | CVE-2022-3721 was published for froxlor/froxlor (Composer) Nov 4, 2022

Aruba has identified certain configurations of ArubaOS that can lead to sensitive information...
Moderate | Unreviewed | CVE-2022-37909 was published Dec 12, 2022

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE...
Moderate | Unreviewed | CVE-2022-37930 was published Dec 12, 2022

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series...
Moderate | Unreviewed | CVE-2022-37908 was published Dec 12, 2022

Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any...
Moderate | Unreviewed | CVE-2022-40276 was published Nov 4, 2022

Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows...
Moderate | Unreviewed | CVE-2022-38582 was published Nov 4, 2022

In gpu drm, there is a possible out of bounds write due to improper input validation. This could...
Moderate | Unreviewed | CVE-2022-32603 was published Nov 9, 2022

A vulnerability was found in PHPGuruku Online DJ Booking Management System 1.0 and classified as...
Moderate | Unreviewed | CVE-2025-4214 was published May 2, 2025

Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary...
Moderate | Unreviewed | CVE-2025-47153 was published May 1, 2025

ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple...
Moderate | Unreviewed | CVE-2021-42205 was published Nov 7, 2022

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability...
Moderate | Unreviewed | CVE-2022-35642 was published Nov 4, 2022

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse...
Moderate | Unreviewed | CVE-2022-43238 was published Nov 2, 2022

Information Disclosure via Flags override link
Moderate | CVE-2025-46332 was published for @vercel/flags (npm) May 2, 2025

Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an...
Moderate | Unreviewed | CVE-2025-46629 was published May 2, 2025

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in...
Moderate | Unreviewed | CVE-2025-44845 was published May 1, 2025

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in...
Moderate | Unreviewed | CVE-2025-44848 was published May 1, 2025

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in...
Moderate | Unreviewed | CVE-2025-44860 was published May 2, 2025

ProTip! Advisories are also available from the GraphQL API