GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
23,705 advisories
The Community Events plugin for WordPress is vulnerable to SQL Injection via the event_category...
Critical | Unreviewed | CVE-2025-10587 was published Oct 8, 2025
NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322,...
Critical | Unreviewed | CVE-2025-34252 was published Oct 7, 2025
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext...
Critical | Unreviewed | CVE-2025-44823 was published Oct 7, 2025
Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0...
Critical | Unreviewed | CVE-2025-11462 was published Oct 7, 2025
A SQL Injection vulnerability exists in the edit_product.php file of PuneethReddyHC Online...
Critical | Unreviewed | CVE-2025-52021 was published Oct 7, 2025
Improper Resource Locking vulnerability in B&R Industrial Automation Automation Runtime. This...
Critical | Unreviewed | CVE-2025-3450 was published Oct 7, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-0603 was published Oct 7, 2025
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F...
Critical | Unreviewed | CVE-2025-60965 was published Oct 6, 2025
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F...
Critical | Unreviewed | CVE-2025-60964 was published Oct 6, 2025
A SQL injection vulnerability has been identified in Uniclare Student Portal v2. This flaw allows...
Critical | Unreviewed | CVE-2025-57515 was published Oct 6, 2025
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F...
Critical | Unreviewed | CVE-2025-60957 was published Oct 6, 2025
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11...
Critical | Unreviewed | CVE-2025-36356 was published Oct 6, 2025
The BATBToken smart contract (address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler...
Critical | Unreviewed | CVE-2025-57247 was published Oct 6, 2025
Deserialization of Untrusted Data vulnerability in Topal Solutions AG Topal Finanzbuchhaltung on...
Critical | Unreviewed | CVE-2025-10363 was published Oct 6, 2025
IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code...
Critical | Unreviewed | CVE-2023-49886 was published Oct 6, 2025
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component:...
Critical | Unreviewed | CVE-2025-61882 was published Oct 5, 2025
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Improper...
Critical | Unreviewed | CVE-2025-9485 was published Oct 4, 2025
The module will parse a <pattern> node which is not a child of a structural node. The node will...
Critical | Unreviewed | CVE-2025-10729 was published Oct 3, 2025
When the module renders a Svg file that contains a <pattern> element, it might end up rendering...
Critical | Unreviewed | CVE-2025-10728 was published Oct 3, 2025
The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation...
Critical | Unreviewed | CVE-2025-9286 was published Oct 3, 2025
The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to...
Critical | Unreviewed | CVE-2025-9209 was published Oct 3, 2025
SQL injection vulnerability in Joomla module mod_vvisit_counter v2.0.4j3. This vulnerability...
Critical | Unreviewed | CVE-2025-40636 was published Oct 3, 2025
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is...
Critical | Unreviewed | CVE-2025-7721 was published Oct 3, 2025
The WPRecovery plugin for WordPress is vulnerable to SQL Injection via the 'data[id]' parameter...
Critical | Unreviewed | CVE-2025-10726 was published Oct 3, 2025
The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions...
Critical | Unreviewed | CVE-2025-6388 was published Oct 3, 2025
ProTip! Advisories are also available from the GraphQL API.