GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,721
Erlang: 35
GitHub Actions: 29
Go: 2,306
Maven: 5,000+
npm: 3,946
NuGet: 711
pip: 3,727
Pub: 12
RubyGems: 920
Rust: 964
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
280,003 advisories
Craft CMS stores arbitrary content provided by unauthenticated users in session files
Moderate | CVE-2025-35939 was published for craftcms/cms (Composer) May 8, 2025

Apache Ranger UI vulnerable to Server Side Request Forgery
Critical | CVE-2024-45479 was published for org.apache.ranger:ranger (Maven) Jan 22, 2025

A vulnerability classified as critical has been found in code-projects Simple Bus Reservation...
Moderate | Unreviewed | CVE-2025-4498 was published May 10, 2025

A vulnerability classified as critical was found in code-projects Simple Hospital Management...
Moderate | Unreviewed | CVE-2025-4499 was published May 10, 2025

A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. This...
Moderate | Unreviewed | CVE-2025-4362 was published May 6, 2025

A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as...
Moderate | Unreviewed | CVE-2025-3242 was published Apr 4, 2025

Netwrix Password Secure 9.2.0.32454 allows OS command injection.
Critical | Unreviewed | CVE-2025-26817 was published Apr 3, 2025

A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by...
Moderate | Unreviewed | CVE-2025-2912 was published Mar 28, 2025

A vulnerability classified as critical was found in SourceCodester Simple Hotel Booking System 1...
Moderate | Unreviewed | CVE-2025-3728 was published Apr 16, 2025

A vulnerability classified as critical has been found in code-projects Patient Record Management...
Moderate | Unreviewed | CVE-2025-3211 was published Apr 4, 2025

OpenShift GitOps Operator Namespace Isolation Break
High | CVE-2024-13484 was published for github.com/redhat-developer/gitops-operator (Go) Jan 28, 2025

The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2024-2953 was published May 22, 2024

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not...
Moderate | Unreviewed | CVE-2024-0427 was published Jun 12, 2024

A vulnerability was found in 1000 Projects Daily College Class Work Report Book 1.0. It has been...
Moderate | Unreviewed | CVE-2024-12964 was published Dec 26, 2024

A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This...
Moderate | Unreviewed | CVE-2024-13191 was published Jan 9, 2025

A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical....
Moderate | Unreviewed | CVE-2024-12988 was published Dec 27, 2024

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute...
High | Unreviewed | CVE-2022-40250 was published Sep 21, 2022

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-2864 was published Mar 25, 2024

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute...
High | Unreviewed | CVE-2022-40261 was published Sep 21, 2022

An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student...
Critical | Unreviewed | CVE-2023-41505 was published Mar 13, 2024

The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button...
Moderate | Unreviewed | CVE-2024-1805 was published May 2, 2024

The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2023-6487 was published May 22, 2024

The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross...
High | Unreviewed | CVE-2024-3600 was published Apr 19, 2024

The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom...
Moderate | Unreviewed | CVE-2024-1842 was published May 2, 2024

The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post...
Moderate | Unreviewed | CVE-2024-1840 was published May 2, 2024

ProTip! Advisories are also available from the GraphQL API