GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,464
Erlang: 33
GitHub Actions: 22
Go: 2,163
Maven: 5,000+
npm: 3,821
NuGet: 696
pip: 3,502
Pub: 12
RubyGems: 909
Rust: 904
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
104,671 advisories
An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font...
High | Unreviewed | CVE-2025-27363 was published Mar 11, 2025

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to Stored Cross-Site...
High | Unreviewed | CVE-2025-1561 was published Mar 13, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-30200 was published Mar 28, 2024

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget...
High | Unreviewed | CVE-2024-2006 was published Mar 13, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-30486 was published Mar 29, 2024

The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'text'...
High | Unreviewed | CVE-2025-2106 was published Mar 13, 2025

The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'id'...
High | Unreviewed | CVE-2025-2107 was published Mar 13, 2025

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient...
High | Unreviewed | CVE-2024-3022 was published Apr 4, 2024

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7...
High | Unreviewed | CVE-2025-1937 was published Mar 4, 2025

Below has Incorrect Permission Assignment for Critical Resource
High | CVE-2025-27591 was published for below (Rust) Mar 11, 2025

Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
High | CVE-2025-24813 was published for org.apache.tomcat:tomcat-catalina (Maven) Mar 10, 2025

Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses
High | CVE-2025-25293 was published for ruby-saml (RubyGems) Mar 12, 2025

Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)
High | CVE-2025-25291 was published for ruby-saml (RubyGems) Mar 12, 2025

Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
High | CVE-2025-25292 was published for ruby-saml (RubyGems) Mar 12, 2025

An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions....
High | Unreviewed | CVE-2025-24201 was published Mar 11, 2025

Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify...
High | Unreviewed | CVE-2025-25616 was published Mar 10, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-32125 was published Apr 15, 2024

A critical information disclosure vulnerability exists in the web-based management interface of...
High | Unreviewed | CVE-2025-22961 was published Feb 14, 2025

A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS...
High | Unreviewed | CVE-2025-0114 was published Mar 12, 2025

Improper Input Validation vulnerability in Avid Avid NEXIS E-series on Linux, Avid Avid NEXIS F...
High | Unreviewed | CVE-2024-26290 was published Mar 12, 2025

A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices...
High | Unreviewed | CVE-2025-0117 was published Mar 12, 2025

SmallRye Fault Tolerance out-of-memory (OOM) issue
High | CVE-2025-2240 was published for io.smallrye:smallrye-fault-tolerance-core (Maven) Mar 12, 2025

Cosmos SDK: x/group can halt when erroring in EndBlocker
High | GHSA-47ww-ff84-4jrg was published for github.com/cosmos/cosmos-sdk (Go) Mar 12, 2025

A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of Openmrs 2.4.3...
High | Unreviewed | CVE-2025-25928 was published Mar 11, 2025

tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user...
High | Unreviewed | CVE-2025-27910 was published Mar 11, 2025
ProTip! Advisories are also available from the GraphQL API.