Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
42
Go
3,114
Maven
5,000+
npm
5,000+
NuGet
826
pip
4,428
Pub
12
RubyGems
988
Rust
1,171
Swift
50
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

110,711 advisories

Loading
A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the function sub_3C434 of the... High Unreviewed
CVE-2026-3678 was published Mar 8, 2026
A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the... High Unreviewed
CVE-2026-3679 was published Mar 8, 2026
A vulnerability was found in Tenda FH451 1.0.0.9. This impacts the function fromSetCfm of the... High Unreviewed
CVE-2026-3677 was published Mar 8, 2026
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient... High Unreviewed
CVE-2025-14675 was published Mar 7, 2026
The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar... High Unreviewed
CVE-2026-1074 was published Mar 7, 2026
The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-8899 was published Mar 7, 2026
The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up... High Unreviewed
CVE-2026-2020 was published Mar 7, 2026
The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up... High Unreviewed
CVE-2026-3352 was published Mar 7, 2026
The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all... High Unreviewed
CVE-2025-14353 was published Mar 7, 2026
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable... High Unreviewed
CVE-2026-25072 was published Mar 7, 2026
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing... High Unreviewed
CVE-2026-25071 was published Mar 7, 2026
The WebSocket Application Programming Interface lacks restrictions on the number of... High Unreviewed
CVE-2026-20882 was published Mar 6, 2026
The WebSocket Application Programming Interface lacks restrictions on the number of... High Unreviewed
CVE-2026-24696 was published Mar 6, 2026
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to... High Unreviewed
CVE-2018-25199 was published Mar 6, 2026
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP... High Unreviewed
CVE-2026-2753 was published Mar 6, 2026
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication... High Unreviewed
CVE-2026-2754 was published Mar 6, 2026
Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated... High Unreviewed
CVE-2018-25166 was published Mar 6, 2026
Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to... High Unreviewed
CVE-2018-25180 was published Mar 6, 2026
Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to... High Unreviewed
CVE-2018-25172 was published Mar 6, 2026
Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows... High Unreviewed
CVE-2018-25182 was published Mar 6, 2026
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to... High Unreviewed
CVE-2018-25173 was published Mar 6, 2026
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access... High Unreviewed
CVE-2018-25187 was published Mar 6, 2026
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to... High Unreviewed
CVE-2018-25181 was published Mar 6, 2026
Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated... High Unreviewed
CVE-2018-25175 was published Mar 6, 2026
Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of... High Unreviewed
CVE-2018-25189 was published Mar 6, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database