GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
111,567 advisories
AI command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to...
High | Unreviewed | CVE-2025-55319 was published Sep 12, 2025
The Spirit Framework plugin for WordPress is vulnerable to Local File Inclusion in all versions...
High | Unreviewed | CVE-2025-10269 was published Sep 12, 2025
The The Events Calendar plugin for WordPress is vulnerable to time-based SQL Injection via the ‘s...
High | Unreviewed | CVE-2025-9807 was published Sep 12, 2025
Neo4j Cypher MCP server is vulnerable to DNS rebinding
High | CVE-2025-10193 was published for mcp-neo4j-cypher (pip) Sep 11, 2025
IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for...
High | Unreviewed | CVE-2025-36222 was published Sep 11, 2025
A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0...
High | Unreviewed | CVE-2025-8061 was published Sep 11, 2025
An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below...
High | Unreviewed | CVE-2025-8557 was published Sep 11, 2025
A potential vulnerability was reported in the Lenovo Wallpaper Client that could allow arbitrary...
High | Unreviewed | CVE-2025-9319 was published Sep 11, 2025
Daikin Security Gateway is vulnerable to an authorization bypass through a user-controlled key...
High | Unreviewed | CVE-2025-10127 was published Sep 11, 2025
A potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal...
High | Unreviewed | CVE-2025-9201 was published Sep 11, 2025
Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to...
High | Unreviewed | CVE-2025-21034 was published Sep 11, 2025
Axios is vulnerable to DoS attack through lack of data size check
High | CVE-2025-58754 was published for axios (npm) Sep 11, 2025
Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124,...
High | Unreviewed | CVE-2025-43790 was published Sep 11, 2025
[This CNA information record relates to multiple CVEs; the text explains which aspects...
High | Unreviewed | CVE-2025-58145 was published Sep 11, 2025
[This CNA information record relates to multiple CVEs; the text explains which aspects...
High | Unreviewed | CVE-2025-58144 was published Sep 11, 2025
Prebid.js NPM package briefly compromised
High | CVE-2025-59038 was published for prebid.js (npm) Sep 11, 2025
The Time Tracker plugin for WordPress is vulnerable to unauthorized modification and loss of data...
High | Unreviewed | CVE-2025-9018 was published Sep 11, 2025
Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability.
High | Unreviewed | CVE-2025-58320 was published Sep 11, 2025
The User Meta – User Profile Builder and User management plugin plugin for WordPress is...
High | Unreviewed | CVE-2025-9693 was published Sep 11, 2025
The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in...
High | Unreviewed | CVE-2025-9874 was published Sep 11, 2025
A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server ...
High | Unreviewed | CVE-2025-9918 was published Sep 11, 2025
The Catalog Importer, Scraper & Crawler plugin for WordPress is vulnerable to PHP code injection...
High | Unreviewed | CVE-2025-8417 was published Sep 11, 2025
The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that...
High | Unreviewed | CVE-2025-8425 was published Sep 11, 2025
The Propovoice: All-in-One Client Management System plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-8422 was published Sep 11, 2025
The All in one Minifier plugin for WordPress is vulnerable to SQL Injection via the 'post_id'...
High | Unreviewed | CVE-2025-9073 was published Sep 11, 2025
ProTip! Advisories are also available from the GraphQL API.