GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
25,826 advisories
PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a...
Critical | Unreviewed | CVE-2024-51101 was published May 23, 2025

The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a...
Critical | Unreviewed | CVE-2024-5975 was published Jul 30, 2024

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter...
Critical | Unreviewed | CVE-2024-5765 was published Jul 30, 2024

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a...
Critical | Unreviewed | CVE-2024-6847 was published Aug 20, 2024

Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included...
Critical | Unreviewed | CVE-2022-28802 was published Sep 22, 2022

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege...
Critical | Unreviewed | CVE-2024-13553 was published Apr 1, 2025

Apache Pinot Vulnerable to Authentication Bypass
Critical | CVE-2024-56325 was published for org.apache.pinot:pinot-broker (Maven) Apr 1, 2025

An integer overflow in WhatsApp could result in remote code execution in an established video call.
Critical | Unreviewed | CVE-2022-36934 was published Sep 23, 2022

Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing...
Critical | Unreviewed | CVE-2025-48828 was published May 27, 2025

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke...
Critical | Unreviewed | CVE-2025-48827 was published May 27, 2025

A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows...
Critical | Unreviewed | CVE-2025-23394 was published May 26, 2025

U-Boot vulnerability resulting in persistent Code Execution
Critical | Unreviewed | CVE-2023-48425 was published Dec 11, 2023

Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via...
Critical | Unreviewed | CVE-2022-31937 was published Sep 23, 2022

Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is...
Critical | Unreviewed | CVE-2022-37235 was published Sep 25, 2022

Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer...
Critical | Unreviewed | CVE-2025-35003 was published May 26, 2025

A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to...
Critical | Unreviewed | CVE-2022-40089 was published Sep 23, 2022

Rancher Webhook is misconfigured during upgrade process
Critical | CVE-2023-22651 was published for github.com/rancher/rancher (Go) Apr 24, 2023

The devices are vulnerable to an authentication bypass due to flaws in the authorization...
Critical | Unreviewed | CVE-2025-41652 was published May 27, 2025

Missing Authentication & Authorization in Web-API in Mobatime AMX MTAPI v6 on IIS allows...
Critical | Unreviewed | CVE-2025-2407 was published May 27, 2025

Due to missing authentication on a critical function of the devices an unauthenticated remote...
Critical | Unreviewed | CVE-2025-41651 was published May 27, 2025

SQL injection in ADOdb PostgreSQL driver pg_insert_id() method
Critical | CVE-2025-46337 was published for adodb/adodb-php (Composer) May 1, 2025

Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to...
Critical | Unreviewed | CVE-2025-40664 was published May 26, 2025

SQL injection vulnerability in AES Multimedia's Gestnet v1.07. This vulnerability allows an...
Critical | Unreviewed | CVE-2025-40671 was published May 26, 2025

Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers...
Critical | Unreviewed | CVE-2025-2146 was published May 26, 2025

A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files...
Critical | Unreviewed | CVE-2023-38951 was published Aug 4, 2023

ProTip! Advisories are also available from the GraphQL API.