Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

113,471 advisories

Loading
EasyFlow .NET and EasyFlow AiNet developed by Digiwin has a SQL Injection vulnerability, allowing... High Unreviewed
CVE-2025-12503 was published Nov 3, 2025
The privileged user could log in without sufficient credentials after enabling an application... High Unreviewed
CVE-2025-48397 was published Nov 3, 2025
Arbitrary code execution is possible due to improper validation of the file upload functionality... High Unreviewed
CVE-2025-48396 was published Nov 3, 2025
A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the... High Unreviewed
CVE-2025-12618 was published Nov 3, 2025
A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the... High Unreviewed
CVE-2025-12622 was published Nov 3, 2025
A vulnerability was found in Tenda A15 15.13.07.13. Affected is the function... High Unreviewed
CVE-2025-12619 was published Nov 3, 2025
A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function... High Unreviewed
CVE-2025-12611 was published Nov 3, 2025
A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function... High Unreviewed
CVE-2025-12596 was published Nov 2, 2025
A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function... High Unreviewed
CVE-2025-12595 was published Nov 2, 2025
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM... High Unreviewed
CVE-2025-36367 was published Nov 1, 2025
The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due... High Unreviewed
CVE-2025-12171 was published Nov 1, 2025
The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and... High Unreviewed
CVE-2025-6990 was published Nov 1, 2025
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via... High Unreviewed
CVE-2025-6574 was published Nov 1, 2025
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code... High Unreviewed
CVE-2025-10487 was published Nov 1, 2025
The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for... High Unreviewed
CVE-2025-11755 was published Nov 1, 2025
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via... High Unreviewed
CVE-2025-5949 was published Nov 1, 2025
The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event... High Unreviewed
CVE-2025-11995 was published Nov 1, 2025
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to... High Unreviewed
CVE-2025-11920 was published Nov 1, 2025
When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR sensor, the sensor will... High Unreviewed
CVE-2025-10693 was published Oct 31, 2025
Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2 is susceptible to a... High Unreviewed
CVE-2025-63561 was published Oct 31, 2025
ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target... High Unreviewed
CVE-2025-64349 was published Oct 31, 2025
ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in... High Unreviewed
CVE-2025-62618 was published Oct 31, 2025
Agno session state overwrites between different sessions/users High
CVE-2025-64168 was published for agno (pip) Oct 31, 2025
JasonLovesDoggo
Credited to JasonLovesDoggo
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid... High Unreviewed
CVE-2025-63465 was published Oct 31, 2025
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid... High Unreviewed
CVE-2025-63464 was published Oct 31, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database