Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,759 advisories

Loading
Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule High
CVE-2025-67750 was published for lightning-flow-scanner (npm) Dec 12, 2025
RubenHalman
Credited to RubenHalman
Code Injection using Electron Fuses in waveterm on MacOS allows TCC Bypass. This issue affects... Moderate Unreviewed
CVE-2025-12843 was published Dec 12, 2025
MineAdmin has an insecure default password Critical
CVE-2025-65854 was published for mineadmin/mineadmin (Composer) Dec 12, 2025
The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up... Moderate Unreviewed
CVE-2025-14166 was published Dec 12, 2025
In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the... Moderate Unreviewed
CVE-2025-36938 was published Dec 11, 2025
pgadmin4 has a Meta-Command Filter Command Execution Critical
CVE-2025-13780 was published for pgadmin4 (pip) Dec 11, 2025
zeropwn Cycloctane
Credited to zeropwn and Cycloctane
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before... High Unreviewed
CVE-2025-55313 was published Dec 11, 2025
PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows... High Unreviewed
CVE-2024-58284 was published Dec 11, 2025
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025... Critical Unreviewed
CVE-2025-65294 was published Dec 11, 2025
The ESP32 system on a chip (SoC) that powers the Meatmeet basestation device was found to lack... Moderate Unreviewed
CVE-2025-65829 was published Dec 10, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP give... High Unreviewed
CVE-2025-66533 was published Dec 9, 2025
Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert... Critical Unreviewed
CVE-2025-42880 was published Dec 9, 2025
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile &... Moderate Unreviewed
CVE-2025-13642 was published Dec 9, 2025
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox <... Critical Unreviewed
CVE-2025-14324 was published Dec 9, 2025
Neuron MySQLSelectTool “read-only” bypass via `SELECT ... INTO OUTFILE` (file write → potential RCE) High
CVE-2025-67509 was published for neuron-core/neuron-ai (Composer) Dec 9, 2025
siewer
Credited to siewer
Elysia affected by arbitrary code injection through cookie config High
CVE-2025-66457 was published for elysia (npm) Dec 9, 2025
sportshead
Credited to sportshead
@vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server Critical
CVE-2025-67489 was published for @vitejs/plugin-rsc (npm) Dec 8, 2025
xdavidhu
Credited to xdavidhu
Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user... High Unreviewed
CVE-2025-65271 was published Dec 8, 2025
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution... Critical Unreviewed
CVE-2025-13486 was published Dec 3, 2025
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute... Critical Unreviewed
CVE-2025-13658 was published Dec 2, 2025
vLLM vulnerable to remote code execution via transformers_utils/get_config High
CVE-2025-66448 was published for vllm (pip) Dec 2, 2025
Vancir Isotr0py
DarkLight1337 russellb
Credited to Vancir, Isotr0py, DarkLight1337, and russellb
Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass High
CVE-2025-66294 was published for getgrav/grav (Composer) Dec 2, 2025
nakkouchtarek
Credited to nakkouchtarek
Grav is Vulnerable to Security Sandbox Bypass with SSTI (Server Side Template Injection) High
CVE-2025-66299 was published for getgrav/grav (Composer) Dec 2, 2025
justwove
Credited to justwove
The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’... High Unreviewed
CVE-2024-39148 was published Dec 1, 2025
A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665.... Moderate Unreviewed
CVE-2025-13786 was published Nov 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database