Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,752
Erlang
35
GitHub Actions
29
Go
2,326
Maven
5,000+
npm
3,956
NuGet
712
pip
3,740
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

25,830 advisories

Loading
listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user Critical
CVE-2025-49136 was published for github.com/knadh/listmonk (Go) Jun 9, 2025
nakkouchtarek
Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote... Critical Unreviewed
CVE-2025-3835 was published Jun 9, 2025
Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information... Critical Unreviewed
CVE-2025-5893 was published Jun 9, 2025
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an... Critical Unreviewed
CVE-2025-3461 was published Jun 8, 2025
In the moPS App through 1.8.618, all users can access administrative API endpoints without... Critical Unreviewed
CVE-2024-55585 was published Jun 7, 2025
An unauthorized remote attacker can bypass the authentication of the affected software package by... Critical Unreviewed
CVE-2025-41646 was published Jun 6, 2025
Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy allows Object... Critical Unreviewed
CVE-2025-49072 was published Jun 6, 2025
Deserialization of Untrusted Data vulnerability in Axiomthemes Sweet Dessert allows Object... Critical Unreviewed
CVE-2025-49073 was published Jun 6, 2025
laravel-auth0 SDK Deserialization of Untrusted Data vulnerability Critical
GHSA-c42h-56wx-h85q was published for auth0/login (Composer) Jun 6, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed
CVE-2025-47586 was published Jun 6, 2025
A missing authentication for critical function vulnerability in the client application of Soar... Critical Unreviewed
CVE-2025-5192 was published Jun 6, 2025
An unrestricted upload of file with dangerous type vulnerability in the upload file function of... Critical Unreviewed
CVE-2025-48782 was published Jun 6, 2025
A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD... Critical Unreviewed
CVE-2025-48780 was published Jun 6, 2025
An improper neutralization of inputs used in expression language allows remote code execution... Critical Unreviewed
CVE-2025-3322 was published Jun 6, 2025
A predefined administrative account is not documented and cannot be deactivated. This account... Critical Unreviewed
CVE-2025-3321 was published Jun 6, 2025
A missing protection against path traversal allows to access any file on the server. Critical Unreviewed
CVE-2025-3365 was published Jun 6, 2025
The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing... Critical Unreviewed
CVE-2025-5486 was published Jun 6, 2025
Auth0 Symfony SDK Deserialization of Untrusted Data vulnerability Critical
GHSA-98j6-67v3-mw34 was published for auth0/symfony (Composer) Jun 6, 2025
Exposure of sensitive information to an unauthorized actor in Power Automate allows an... Critical Unreviewed
CVE-2025-47966 was published Jun 5, 2025
The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that... Critical Unreviewed
CVE-2025-5701 was published Jun 5, 2025
Improper neutralization of input provided by an unauthorized user into changes__reference_id... Critical Unreviewed
CVE-2025-4568 was published Jun 5, 2025
llama_index vulnerable to SQL Injection Critical
CVE-2025-1793 was published for llama-index (pip) Jun 5, 2025
Malayke
A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This... Critical Unreviewed
CVE-2025-5630 was published Jun 5, 2025
A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This... Critical Unreviewed
CVE-2025-5624 was published Jun 5, 2025
Auth0 Wordpress Plugin vulnerable to Deserialization of Untrusted Data Critical
GHSA-862m-5253-832r was published for auth0/wordpress (Composer) Jun 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database