Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
33
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

21,370 advisories

Loading
The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all... Critical Unreviewed
CVE-2024-13421 was published Feb 12, 2025
Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows... Critical Unreviewed
CVE-2025-1044 was published Feb 11, 2025
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are... Critical Unreviewed
CVE-2025-24434 was published Feb 11, 2025
Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability Critical Unreviewed
CVE-2025-21198 was published Feb 11, 2025
A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the... Critical Unreviewed
CVE-2025-1126 was published Feb 11, 2025
OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote... Critical Unreviewed
CVE-2024-47908 was published Feb 11, 2025
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote... Critical Unreviewed
CVE-2025-22467 was published Feb 11, 2025
Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before... Critical Unreviewed
CVE-2024-10644 was published Feb 11, 2025
The firmware of all Wattsense Bridge devices contain the same hard-coded user and root... Critical Unreviewed
CVE-2025-26410 was published Feb 11, 2025
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up... Critical Unreviewed
CVE-2025-0180 was published Feb 11, 2025
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover... Critical Unreviewed
CVE-2025-0181 was published Feb 11, 2025
School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing... Critical Unreviewed
CVE-2025-1144 was published Feb 11, 2025
The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2024-13011 was published Feb 10, 2025
The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in... Critical Unreviewed
CVE-2025-0316 was published Feb 9, 2025
An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via... Critical Unreviewed
CVE-2024-55215 was published Feb 8, 2025
Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote... Critical Unreviewed
CVE-2024-57249 was published Feb 7, 2025
An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and... Critical Unreviewed
CVE-2024-57707 was published Feb 7, 2025
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an... Critical Unreviewed
CVE-2025-1107 was published Feb 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows... Critical Unreviewed
CVE-2025-25106 was published Feb 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites allows Cross Site... Critical Unreviewed
CVE-2025-25107 was published Feb 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites allows Cross Site... Critical Unreviewed
CVE-2025-25101 was published Feb 7, 2025
A security vulnerability has been identified in the IBL Software Engineering Visual Weather and... Critical Unreviewed
CVE-2025-1077 was published Feb 7, 2025
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in... Critical Unreviewed
CVE-2025-1061 was published Feb 7, 2025
Multiple Elber products are affected by an authentication bypass vulnerability which allows... Critical Unreviewed
CVE-2025-0674 was published Feb 7, 2025
A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >=... Critical Unreviewed
CVE-2025-22992 was published Feb 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database