GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,750
Maven: 5,000+
npm: 4,356
NuGet: 765
pip: 4,117
Pub: 12
RubyGems: 960
Rust: 1,069
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
24,235 advisories
Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the...
Critical | Unreviewed | CVE-2025-4967 was published May 29, 2025
**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy...
Critical | Unreviewed | CVE-2025-0890 was published Feb 4, 2025
Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that...
Critical | Unreviewed | CVE-2023-53877 was published Dec 15, 2025
Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows...
Critical | Unreviewed | CVE-2023-53872 was published Dec 15, 2025
ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers...
Critical | Unreviewed | CVE-2023-53881 was published Dec 15, 2025
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs)...
Critical | Unreviewed | CVE-2025-13888 was published Dec 15, 2025
MooreThreads torch_musa through all versions contains an unsafe deserialization vulnerability in...
Critical | Unreviewed | CVE-2025-65213 was published Dec 15, 2025
In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a possible out of bounds...
Critical | Unreviewed | CVE-2025-36937 was published Dec 11, 2025
The Fox LMS – WordPress LMS Plugin plugin for WordPress is vulnerable to privilege escalation in...
Critical | Unreviewed | CVE-2025-14156 was published Dec 15, 2025
Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X....
Critical | Unreviewed | CVE-2025-36751 was published Dec 13, 2025
Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented...
Critical | Unreviewed | CVE-2025-36752 was published Dec 13, 2025
The authentication mechanism on web interface is not properly implemented. It is possible to...
Critical | Unreviewed | CVE-2025-36754 was published Dec 13, 2025
ShineLan-X contains a set of credentials for an FTP server was found within the firmware,...
Critical | Unreviewed | CVE-2025-36747 was published Dec 13, 2025
The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions...
Critical | Unreviewed | CVE-2025-14440 was published Dec 13, 2025
The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via...
Critical | Unreviewed | CVE-2025-10738 was published Dec 13, 2025
The Export WP Page to Static HTML & PDF plugin for WordPress is vulnerable to Sensitive...
Critical | Unreviewed | CVE-2025-11693 was published Dec 13, 2025
Plesk 18.0 has Incorrect Access Control.
Critical | Unreviewed | CVE-2025-66430 was published Dec 12, 2025
PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows...
Critical | Unreviewed | CVE-2024-58299 was published Dec 12, 2025
Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache...
Critical | Unreviewed | CVE-2025-58130 was published Dec 12, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23...
Critical | Unreviewed | CVE-2025-34329 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23...
Critical | Unreviewed | CVE-2025-34328 was published Nov 19, 2025
Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was...
Critical | Unreviewed | CVE-2025-25953 was published Mar 3, 2025
Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt...
Critical | Unreviewed | CVE-2025-25948 was published Mar 3, 2025
The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file...
Critical | Unreviewed | CVE-2025-14344 was published Dec 12, 2025
The LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart plugin for...
Critical | Unreviewed | CVE-2025-12963 was published Dec 12, 2025
ProTip! Advisories are also available from the GraphQL API.