Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,754 advisories

Loading
MineAdmin has an insecure default password Critical
CVE-2025-65854 was published for mineadmin/mineadmin (Composer) Dec 12, 2025
Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation Critical
CVE-2025-66568 was published for ruby-saml (RubyGems) Dec 8, 2025
d0ge
Credited to d0ge
Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential) Critical
CVE-2025-66567 was published for ruby-saml (RubyGems) Dec 8, 2025
d0ge
Credited to d0ge
Plesk 18.0 has Incorrect Access Control. Critical Unreviewed
CVE-2025-66430 was published Dec 12, 2025
PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows... Critical Unreviewed
CVE-2024-58299 was published Dec 12, 2025
Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache... Critical Unreviewed
CVE-2025-58130 was published Dec 12, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23... Critical Unreviewed
CVE-2025-34329 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23... Critical Unreviewed
CVE-2025-34328 was published Nov 19, 2025
Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt... Critical Unreviewed
CVE-2025-25948 was published Mar 3, 2025
Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was... Critical Unreviewed
CVE-2025-25953 was published Mar 3, 2025
pgadmin4 has a Meta-Command Filter Command Execution Critical
CVE-2025-13780 was published for pgadmin4 (pip) Dec 11, 2025
zeropwn Cycloctane
Credited to zeropwn and Cycloctane
Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values Critical
CVE-2025-66565 was published for github.com/gofiber/utils (Go) Dec 8, 2025
sixcolors
Credited to sixcolors
The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2025-14344 was published Dec 12, 2025
The LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart plugin for... Critical Unreviewed
CVE-2025-12963 was published Dec 12, 2025
Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to... Critical Unreviewed
CVE-2024-58308 was published Dec 12, 2025
Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections... Critical Unreviewed
CVE-2024-58290 was published Dec 12, 2025
Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability... Critical Unreviewed
CVE-2024-58298 was published Dec 12, 2025
CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view... Critical Unreviewed
CVE-2024-58307 was published Dec 12, 2025
Purei CMS 1.0 contains a time-based blind SQL injection vulnerability that allows attackers to... Critical Unreviewed
CVE-2024-58301 was published Dec 12, 2025
dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject... Critical Unreviewed
CVE-2024-58286 was published Dec 12, 2025
The mobile application is configured to allow clear text traffic to all domains and communicates... Critical Unreviewed
CVE-2025-65827 was published Dec 10, 2025
SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in... Critical Unreviewed
CVE-2025-63742 was published Dec 9, 2025
An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can... Critical Unreviewed
CVE-2025-65820 was published Dec 10, 2025
Due to a lack of certificate validation, all traffic from the mobile application can be... Critical Unreviewed
CVE-2025-65830 was published Dec 10, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed
CVE-2025-67529 was published Dec 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database