GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,750
Maven: 5,000+
npm: 4,353
NuGet: 765
pip: 4,114
Pub: 12
RubyGems: 960
Rust: 1,069
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
106,810 advisories
The WooMulti WordPress plugin through 17 does not validate a file parameter when deleting files,...
  High | Unreviewed | CVE-2025-12835 was published Dec 12, 2025
Weak Password Requirements vulnerability in Apache Fineract. This issue affects Apache Fineract:...
  High | Unreviewed | CVE-2025-23408 was published Dec 12, 2025
Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue...
  High | Unreviewed | CVE-2025-58137 was published Dec 12, 2025
The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to...
  High | Unreviewed | CVE-2025-14169 was published Dec 12, 2025
The Fancy Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
  High | Unreviewed | CVE-2025-12570 was published Dec 12, 2025
The WPNakama plugin for WordPress is vulnerable to time-based SQL Injection via the 'order_by'...
  High | Unreviewed | CVE-2025-14068 was published Dec 12, 2025
A vulnerability has been identified in Simcenter Femap (All versions < V2512). The affected...
  High | Unreviewed | CVE-2025-40829 was published Dec 12, 2025
The Visitor Logic Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions...
  High | Unreviewed | CVE-2025-14044 was published Dec 12, 2025
The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
  High | Unreviewed | CVE-2025-12968 was published Dec 12, 2025
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and...
  High | Unreviewed | CVE-2025-13334 was published Dec 12, 2025
The Player Leaderboard plugin for WordPress is vulnerable to Local File Inclusion in all versions...
  High | Unreviewed | CVE-2025-12824 was published Dec 12, 2025
The LT Unleashed plugin for WordPress is vulnerable to Local File Inclusion in all versions up to...
  High | Unreviewed | CVE-2025-13886 was published Dec 12, 2025
When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS...
  High | Unreviewed | CVE-2025-13053 was published Dec 12, 2025
Unchecked output buffer may allow arbitrary code execution in SMM and potentially result in SMM...
  High | Unreviewed | CVE-2025-10451 was published Dec 12, 2025
When the user set the Notification's sender to send emails to the SMTP server via msmtp, an...
  High | Unreviewed | CVE-2025-13052 was published Dec 12, 2025
xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers...
  High | Unreviewed | CVE-2024-58313 was published Dec 12, 2025
APC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated...
  High | Unreviewed | CVE-2024-58310 was published Dec 12, 2025
xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote...
  High | Unreviewed | CVE-2024-58309 was published Dec 12, 2025
xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to...
  High | Unreviewed | CVE-2024-58312 was published Dec 12, 2025
minaliC 2.0.0 contains a denial of service vulnerability that allows remote attackers to crash...
  High | Unreviewed | CVE-2024-58306 was published Dec 12, 2025
WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability...
  High | Unreviewed | CVE-2025-34506 was published Dec 12, 2025
Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated...
  High | Unreviewed | CVE-2024-58293 was published Dec 12, 2025
reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine...
  High | Unreviewed | CVE-2024-58287 was published Dec 12, 2025
FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that...
  High | Unreviewed | CVE-2024-58294 was published Dec 12, 2025
Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability...
  High | Unreviewed | CVE-2024-58300 was published Dec 12, 2025
ProTip! Advisories are also available from the GraphQL API.