GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,792
Erlang: 36
GitHub Actions: 29
Go: 2,377
Maven: 5,000+
npm: 4,002
NuGet: 720
pip: 3,802
Pub: 12
RubyGems: 927
Rust: 984
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
26,159 advisories
docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token
Critical: CVE-2025-53624 was published for docusaurus-plugin-content-gists (npm), Jul 9, 2025
Qwik's unhandled exception vulnerability can cause server crashes from malicious requests
Critical: CVE-2025-53620 was published for @builder.io/qwik-city (npm), Jul 9, 2025
mcp-remote exposed to OS command injection via untrusted MCP server connections
Critical: CVE-2025-6514 was published for mcp-remote (npm), Jul 9, 2025
The device has two web servers that expose unauthenticated REST APIs on the management network ...
Critical (Unreviewed): CVE-2025-3499 was published Jul 9, 2025
An unauthenticated user with management network access can get and modify the Radiflow iSAP...
Critical (Unreviewed): CVE-2025-3498 was published Jul 9, 2025
The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege...
Critical (Unreviewed): CVE-2025-4606 was published Jul 9, 2025
An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that...
Critical (Unreviewed): CVE-2025-34077 was published Jul 9, 2025
An unrestricted file upload vulnerability exists in the WordPress AIT CSV Import/Export plugin ≤...
Critical (Unreviewed): CVE-2025-34083 was published Jul 9, 2025
An unauthenticated information disclosure vulnerability exists in the WordPress Total Upkeep...
Critical (Unreviewed): CVE-2025-34084 was published Jul 9, 2025
An unrestricted file upload vulnerability in the WordPress Simple File List plugin prior to...
Critical (Unreviewed): CVE-2025-34085 was published Jul 9, 2025
The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion...
Critical (Unreviewed): CVE-2025-4855 was published Jul 9, 2025
The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to...
Critical (Unreviewed): CVE-2025-4828 was published Jul 9, 2025
Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of...
Critical (Unreviewed): CVE-2025-49533 was published Jul 9, 2025
Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data...
Critical (Unreviewed): CVE-2025-27203 was published Jul 9, 2025
Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing...
Critical (Unreviewed): CVE-2025-37103 was published Jul 8, 2025
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction...
Critical (Unreviewed): CVE-2025-49535 was published Jul 8, 2025
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker...
Critical (Unreviewed): CVE-2025-47981 was published Jul 8, 2025
Cryptographic issue occurs due to use of insecure connection method while downloading.
Critical (Unreviewed): CVE-2025-21450 was published Jul 8, 2025
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This...
Critical (Unreviewed): CVE-2025-40714 was published Jul 8, 2025
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This...
Critical (Unreviewed): CVE-2025-40712 was published Jul 8, 2025
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This...
Critical (Unreviewed): CVE-2025-40717 was published Jul 8, 2025
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This...
Critical (Unreviewed): CVE-2025-40715 was published Jul 8, 2025
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This...
Critical (Unreviewed): CVE-2025-40716 was published Jul 8, 2025
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This...
Critical (Unreviewed): CVE-2025-40711 was published Jul 8, 2025
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This...
Critical (Unreviewed): CVE-2025-40713 was published Jul 8, 2025
ProTip! Advisories are also available from the GraphQL API.