GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,670
Maven: 5,000+
npm: 4,296
NuGet: 760
pip: 4,075
Pub: 12
RubyGems: 957
Rust: 1,058
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
114,487 advisories
The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File...
High | Unreviewed | CVE-2025-11087 was published Nov 21, 2025
Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to...
High | Unreviewed | CVE-2025-62626 was published Nov 21, 2025
This vulnerability allowed a site to enter fullscreen, after a user click, without a full-screen...
High | Unreviewed | CVE-2025-13132 was published Nov 21, 2025
In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public...
High | Unreviewed | CVE-2025-13470 was published Nov 21, 2025
The S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress...
High | Unreviewed | CVE-2025-12973 was published Nov 21, 2025
thread-amount Vulnerable to Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS
High | CVE-2025-65947 was published for thread-amount (Rust) Nov 21, 2025
Vault’s Terraform Provider incorrectly set default deny_null_bind parameter for LDAP auth method to false by default
High | CVE-2025-13357 was published for github.com/hashicorp/terraform-provider-vault (Go) Nov 21, 2025
Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email...
High | Unreviewed | CVE-2025-66055 was published Nov 21, 2025
The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
High | Unreviewed | CVE-2025-12160 was published Nov 21, 2025
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columns_search'...
High | Unreviewed | CVE-2025-13138 was published Nov 21, 2025
The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to...
High | Unreviewed | CVE-2025-13322 was published Nov 21, 2025
The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary...
High | Unreviewed | CVE-2025-13156 was published Nov 21, 2025
The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross...
High | Unreviewed | CVE-2025-13159 was published Nov 21, 2025
The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'css_code'...
High | Unreviewed | CVE-2025-12135 was published Nov 21, 2025
The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that...
High | Unreviewed | CVE-2025-11985 was published Nov 21, 2025
The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to...
High | Unreviewed | CVE-2025-12138 was published Nov 21, 2025
Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows...
High | Unreviewed | CVE-2025-64695 was published Nov 21, 2025
Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service
High | Unreviewed | CVE-2025-13499 was published Nov 21, 2025
IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11...
High | Unreviewed | CVE-2025-36072 was published Nov 21, 2025
Azure Monitor Elevation of Privilege Vulnerability
High | Unreviewed | CVE-2025-62207 was published Nov 21, 2025
Microsoft Defender Portal Spoofing Vulnerability
High | Unreviewed | CVE-2025-62459 was published Nov 21, 2025
Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized...
High | Unreviewed | CVE-2025-64655 was published Nov 21, 2025
Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/...
High | Unreviewed | CVE-2025-61138 was published Nov 21, 2025
Minder does not sandbox http.send in Rego programs
High | GHSA-6xvf-4vh9-mw47 was published for github.com/mindersec/minder (Go) Nov 20, 2025
Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a logged in...
High | Unreviewed | CVE-2025-48986 was published Nov 20, 2025
ProTip! Advisories are also available from the GraphQL API.