Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,904
Erlang
38
GitHub Actions
38
Go
2,566
Maven
5,000+
npm
4,237
NuGet
753
pip
4,001
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

129,420 advisories

Loading
The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-1054 was published Apr 23, 2025
This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API... Moderate Unreviewed
CVE-2025-42604 was published Apr 23, 2025
A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive... Moderate Unreviewed
CVE-2024-10306 was published Apr 23, 2025
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor... Moderate Unreviewed
CVE-2025-2703 was published Apr 23, 2025
An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and... Moderate Unreviewed
CVE-2025-2595 was published Apr 23, 2025
A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR... Moderate Unreviewed
CVE-2025-0618 was published Apr 23, 2025
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible... Moderate Unreviewed
CVE-2025-0926 was published Apr 23, 2025
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a... Moderate Unreviewed
CVE-2025-1056 was published Apr 23, 2025
A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to... Moderate Unreviewed
CVE-2025-27087 was published Apr 23, 2025
A stored cross-site scripting (XSS) vulnerability in the New Goal Creation section of Volmarg... Moderate Unreviewed
CVE-2024-53569 was published Apr 22, 2025
D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting. Moderate Unreviewed
CVE-2025-29743 was published Apr 22, 2025
SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to... Moderate Unreviewed
CVE-2025-31328 was published Apr 22, 2025
SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data... Moderate Unreviewed
CVE-2025-31327 was published Apr 22, 2025
A stored cross-site scripting (XSS) vulnerability in the Image Upload section of Volmarg Personal... Moderate Unreviewed
CVE-2024-53568 was published Apr 22, 2025
A cross-site scripting (reflected XSS) vulnerability was found in Mettler Toledo FreeWeight.Net... Moderate Unreviewed
CVE-2025-43952 was published Apr 22, 2025
A stored cross-site scripting (XSS) vulnerability fin Student Management System v1.0 allows... Moderate Unreviewed
CVE-2023-44753 was published Apr 22, 2025
A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute... Moderate Unreviewed
CVE-2023-43378 was published Apr 22, 2025
TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password for the... Moderate Unreviewed
CVE-2025-28031 was published Apr 22, 2025
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF).... Moderate Unreviewed
CVE-2025-27907 was published Apr 22, 2025
Multiple XSS (CWE-79) Moderate Unreviewed
CVE-2025-23175 was published Apr 22, 2025
The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all... Moderate Unreviewed
CVE-2025-3472 was published Apr 22, 2025
The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed
CVE-2024-11299 was published Apr 22, 2025
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-3458 was published Apr 22, 2025
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... Moderate Unreviewed
CVE-2025-3457 was published Apr 22, 2025
Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce allows... Moderate Unreviewed
CVE-2025-46244 was published Apr 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database