Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,140
Maven
5,000+
npm
3,800
NuGet
687
pip
3,478
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

24,653 advisories

Loading
Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino... Critical Unreviewed
CVE-2025-26966 was published Feb 25, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-26974 was published Feb 25, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-26943 was published Feb 25, 2025
Deserialization of Untrusted Data vulnerability in flexmls Flexmls® IDX allows Object Injection.... Critical Unreviewed
CVE-2025-26900 was published Feb 25, 2025
The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress... Critical Unreviewed
CVE-2025-1128 was published Feb 25, 2025
In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an... Critical Unreviewed
CVE-2024-56525 was published Feb 25, 2025
SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute... Critical Unreviewed
CVE-2025-22974 was published Feb 25, 2025
NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was discovered to contain a SQL... Critical Unreviewed
CVE-2024-53544 was published Feb 25, 2025
In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE)... Critical Unreviewed
CVE-2025-27364 was published Feb 24, 2025
Better Auth allows bypassing the trustedOrigins Protection which leads to ATO Critical
GHSA-vp58-j275-797x was published for better-auth (npm) Feb 24, 2025
castilho101
Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote... Critical Unreviewed
CVE-2025-26201 was published Feb 24, 2025
XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was discovered to contain a SQL injection... Critical Unreviewed
CVE-2024-54820 was published Feb 24, 2025
Mattermost allows reading arbitrary files related to importing boards Critical
CVE-2025-25279 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 24, 2025
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail... Critical Unreviewed
CVE-2025-24490 was published Feb 24, 2025
Mattermost allows reading arbitrary files Critical
CVE-2025-20051 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 24, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload... Critical Unreviewed
CVE-2025-26776 was published Feb 22, 2025
Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider... Critical Unreviewed
CVE-2025-26763 was published Feb 22, 2025
External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti... Critical Unreviewed
CVE-2024-38657 was published Feb 21, 2025
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in... Critical Unreviewed
CVE-2025-25676 was published Feb 21, 2025
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter... Critical Unreviewed
CVE-2025-25678 was published Feb 21, 2025
Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via... Critical Unreviewed
CVE-2025-25674 was published Feb 21, 2025
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter... Critical Unreviewed
CVE-2025-25668 was published Feb 21, 2025
Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand... Critical Unreviewed
CVE-2025-25675 was published Feb 21, 2025
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the... Critical Unreviewed
CVE-2025-25667 was published Feb 21, 2025
A vulnerability was found in Tenda AC8V4 V16.03.34.06. Affected is the function SUB_0046AC38 of... Critical Unreviewed
CVE-2025-25663 was published Feb 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database