Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,140
Maven
5,000+
npm
3,800
NuGet
687
pip
3,478
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

103,885 advisories

Loading
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-26964 was published Feb 25, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-26979 was published Feb 25, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-26957 was published Feb 25, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-26981 was published Feb 25, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-26991 was published Feb 25, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-26985 was published Feb 25, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-26993 was published Feb 25, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-26971 was published Feb 25, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-26987 was published Feb 25, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-26932 was published Feb 25, 2025
Path Traversal vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion. This... High Unreviewed
CVE-2025-26935 was published Feb 25, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-26946 was published Feb 25, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Tribulant Gallery Voting... High Unreviewed
CVE-2025-26931 was published Feb 25, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-26915 was published Feb 25, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-26905 was published Feb 25, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-26907 was published Feb 25, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-26751 was published Feb 25, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-26752 was published Feb 25, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-26753 was published Feb 25, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-26868 was published Feb 25, 2025
The Yawave plugin for WordPress is vulnerable to SQL Injection via the 'lbid' parameter in all... High Unreviewed
CVE-2025-1648 was published Feb 25, 2025
Moodle has an arbitrary file read risk through pdfTeX High
CVE-2025-26525 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle has a SQL injection risk in course search module list filter High
CVE-2025-26533 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle has a stored XSS risk in admin live log High
CVE-2025-26529 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle allows reflected XSS via question bank filter High
CVE-2025-26530 was published for moodle/moodle (Composer) Feb 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database