Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

96,071 advisories

Loading
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23845 was published Feb 17, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23840 was published Feb 17, 2025
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... High Unreviewed
CVE-2025-0924 was published Feb 17, 2025
Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular... High Unreviewed
CVE-2025-1389 was published Feb 17, 2025
Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote... High Unreviewed
CVE-2025-1388 was published Feb 17, 2025
Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field allows... High Unreviewed
CVE-2025-26768 was published Feb 17, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-22680 was published Feb 17, 2025
Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager allows Stored... High Unreviewed
CVE-2025-26759 was published Feb 17, 2025
Out-of-bounds Read vulnerability (CWE-125) was found in CX-Programmer. Attackers may be able to... High Unreviewed
CVE-2025-0591 was published Feb 17, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-26755 was published Feb 17, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-22286 was published Feb 17, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2024-44044 was published Feb 17, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-22284 was published Feb 17, 2025
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(),... High Unreviewed
CVE-2025-1094 was published Feb 13, 2025
A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue... High Unreviewed
CVE-2025-1353 was published Feb 16, 2025
A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329.... High Unreviewed
CVE-2025-1340 was published Feb 16, 2025
A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This... High Unreviewed
CVE-2024-0532 was published Jan 15, 2024
StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a... High Unreviewed
CVE-2025-26788 was published Feb 14, 2025
The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via... High Unreviewed
CVE-2024-13488 was published Feb 15, 2025
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE)... High Unreviewed
CVE-2025-1302 was published Feb 15, 2025
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2024-11477 was published Nov 22, 2024
Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 ... High Unreviewed
CVE-2024-5461 was published Feb 15, 2025
Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22. High Unreviewed
CVE-2024-4282 was published Feb 15, 2025
Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections. High Unreviewed
CVE-2025-26819 was published Feb 15, 2025
A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online... High Unreviewed
CVE-2025-26156 was published Feb 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database