GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,464
Erlang: 33
GitHub Actions: 22
Go: 2,163
Maven: 5,000+
npm: 3,821
NuGet: 696
pip: 3,502
Pub: 12
RubyGems: 909
Rust: 904
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
247,576 advisories
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-30200 was published Mar 28, 2024

The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2024-1328 was published Mar 12, 2024

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget...
High | Unreviewed | CVE-2024-2006 was published Mar 13, 2024

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for...
Moderate | Unreviewed | CVE-2024-30462 was published Mar 29, 2024

Missing Authorization vulnerability in realmag777 BEAR. This issue affects BEAR: from n/a through...
Moderate | Unreviewed | CVE-2024-30463 was published Mar 29, 2024

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2024-1723 was published Mar 13, 2024

A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified...
Moderate | Unreviewed | CVE-2024-2318 was published Mar 8, 2024

The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2024-2031 was published Mar 12, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-30486 was published Mar 29, 2024

The CC-IMG-Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2025-1559 was published Mar 13, 2025

The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'text'...
High | Unreviewed | CVE-2025-2106 was published Mar 13, 2025

The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'id'...
High | Unreviewed | CVE-2025-2107 was published Mar 13, 2025

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized...
Moderate | Unreviewed | CVE-2024-13703 was published Mar 13, 2025

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient...
High | Unreviewed | CVE-2024-3022 was published Apr 4, 2024

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7...
High | Unreviewed | CVE-2025-1937 was published Mar 4, 2025

An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions....
High | Unreviewed | CVE-2025-24201 was published Mar 11, 2025

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a...
Moderate | Unreviewed | CVE-2025-26695 was published Mar 10, 2025

An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a...
Moderate | Unreviewed | CVE-2025-25774 was published Mar 12, 2025

An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of...
Moderate | Unreviewed | CVE-2024-57492 was published Mar 10, 2025

Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify...
High | Unreviewed | CVE-2025-25616 was published Mar 10, 2025

An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML...
Moderate | Unreviewed | CVE-2024-34398 was published Mar 12, 2025

VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of...
Critical | Unreviewed | CVE-2025-25940 was published Mar 10, 2025

AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF...
Moderate | Unreviewed | CVE-2025-25683 was published Mar 12, 2025

Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance...
Moderate | Unreviewed | CVE-2025-25615 was published Mar 10, 2025

A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to...
Moderate | Unreviewed | CVE-2023-0597 was published Feb 23, 2023

ProTip! Advisories are also available from the GraphQL API.