Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,411
Erlang
33
GitHub Actions
22
Go
2,146
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
899
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

21,508 advisories

Loading
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat... Critical Unreviewed
CVE-2025-1866 was published Mar 3, 2025
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in... Critical Unreviewed
CVE-2025-1867 was published Mar 3, 2025
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in... Critical Unreviewed
CVE-2025-1864 was published Mar 3, 2025
In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an... Critical Unreviewed
CVE-2025-27590 was published Mar 3, 2025
The SetSail Membership plugin for WordPress is vulnerable to in all versions up to, and... Critical Unreviewed
CVE-2025-1564 was published Mar 1, 2025
The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all... Critical Unreviewed
CVE-2025-1671 was published Mar 1, 2025
The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all... Critical Unreviewed
CVE-2025-1638 was published Mar 1, 2025
The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation... Critical Unreviewed
CVE-2024-12824 was published Mar 1, 2025
ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows... Critical Unreviewed
CVE-2025-27554 was published Mar 1, 2025
An Authentication Bypass vulnerability on UniFi Protect Application with Auto-Adopt Bridge... Critical Unreviewed
CVE-2025-23116 was published Mar 1, 2025
A Use After Free vulnerability on UniFi Protect Cameras could allow a Remote Code Execution (RCE)... Critical Unreviewed
CVE-2025-23115 was published Mar 1, 2025
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2... Critical Unreviewed
CVE-2025-0159 was published Feb 28, 2025
Application does not limit the number or frequency of user interactions, such as the number of... Critical Unreviewed
CVE-2025-22273 was published Feb 28, 2025
DaVinci Resolve on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx).... Critical Unreviewed
CVE-2025-1413 was published Feb 28, 2025
The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local... Critical Unreviewed
CVE-2024-9193 was published Feb 28, 2025
The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to,... Critical Unreviewed
CVE-2024-8420 was published Feb 28, 2025
The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads... Critical Unreviewed
CVE-2024-8425 was published Feb 28, 2025
Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or... Critical Unreviewed
CVE-2025-1744 was published Feb 28, 2025
Infoblox NIOS through 8.6.4 has Improper Access Control for Grids. Critical Unreviewed
CVE-2024-37567 was published Feb 28, 2025
In XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible,... Critical Unreviewed
CVE-2024-38292 was published Feb 28, 2025
ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php. Critical Unreviewed
CVE-2025-26325 was published Feb 28, 2025
Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded... Critical Unreviewed
CVE-2025-25570 was published Feb 28, 2025
Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation. Critical Unreviewed
CVE-2024-36047 was published Feb 28, 2025
Infoblox NIOS through 8.6.4 executes with more privileges than required. Critical Unreviewed
CVE-2024-36046 was published Feb 28, 2025
Infoblox NIOS through 8.6.4 has Improper Authentication for Grids. Critical Unreviewed
CVE-2024-37566 was published Feb 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database