GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,359
Erlang: 33
GitHub Actions: 22
Go: 2,124
Maven: 5,000+
npm: 3,787
NuGet: 683
pip: 3,467
Pub: 12
RubyGems: 894
Rust: 892
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
24,554 advisories
The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and...
Critical · Unreviewed · CVE-2024-10763 was published Feb 13, 2025

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote...
Critical · Unreviewed · CVE-2025-0896 was published Feb 13, 2025

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0...
Critical · Unreviewed · CVE-2024-7102 was published Feb 13, 2025

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO:...
Critical · Unreviewed · CVE-2022-31631 was published Feb 13, 2025

Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header
Critical · GHSA-c2p2-hgjg-9r3f was published for islandora/crayfish (Composer) Feb 12, 2025

Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)
Critical · GHSA-vjh7-7g9h-fjfh was published for elliptic (npm) Feb 12, 2025

Inefficient Regular Expression Complexity in koa
Critical · CVE-2025-25200 was published for koa (npm) Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q...
Critical · Unreviewed · CVE-2025-26359 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free...
Critical · Unreviewed · CVE-2025-26361 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q...
Critical · Unreviewed · CVE-2025-26342 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free...
Critical · Unreviewed · CVE-2025-26347 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q...
Critical · Unreviewed · CVE-2025-26344 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free...
Critical · Unreviewed · CVE-2025-26345 was published Feb 12, 2025

A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free MaxTime less than or equal...
Critical · Unreviewed · CVE-2025-1100 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q...
Critical · Unreviewed · CVE-2025-26341 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free...
Critical · Unreviewed · CVE-2025-26339 was published Feb 12, 2025

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical · Unreviewed · CVE-2024-10960 was published Feb 12, 2025

SQL Injection vulnerability in various API endpoints - offices, dashboards, etc. Apache Fineract...
Critical · Unreviewed · CVE-2024-32838 was published Feb 12, 2025

The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions...
Critical · Unreviewed · CVE-2024-12213 was published Feb 12, 2025

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file...
Critical · Unreviewed · CVE-2024-13365 was published Feb 12, 2025

The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all...
Critical · Unreviewed · CVE-2024-13421 was published Feb 12, 2025

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and...
Critical · Unreviewed · CVE-2022-3180 was published Feb 12, 2025

Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows...
Critical · Unreviewed · CVE-2025-1044 was published Feb 11, 2025

Improper Authorization vulnerability in Magento and Adobe Commerce
Critical · CVE-2025-24434 was published for magento/community-edition (Composer) Feb 11, 2025
ProTip! Advisories are also available from the GraphQL API.