GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,762
Maven: 5,000+
npm: 4,371
NuGet: 767
pip: 4,141
Pub: 12
RubyGems: 962
Rust: 1,070
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
27,854 advisories
The Flex Store Users plugin for WordPress is vulnerable to Privilege Escalation in all versions...
Critical | Unreviewed | CVE-2025-13619 was published Dec 20, 2025

The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads...
Critical | Unreviewed | CVE-2025-13329 was published Dec 20, 2025

Ollama Platform has missing authentication enabling attackers to perform model management operations
Critical | CVE-2025-63389 was published for github.com/ollama/ollama (Go) Dec 18, 2025

Weblate is vulnerable to RCE through Git config file overwrite
Critical | CVE-2025-68398 was published for Weblate (pip) Dec 18, 2025

Ray has arbitrary code execution via jobs submission API
Critical | CVE-2023-48022 was published for ray (pip) Nov 28, 2023

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in...
Critical | Unreviewed | CVE-2025-63386 was published Dec 18, 2025

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in...
Critical | Unreviewed | CVE-2025-63388 was published Dec 18, 2025

An issue in GT Edge AI Platform Versions before v2.0.10-dev allows attackers to execute arbitrary...
Critical | Unreviewed | CVE-2025-63665 was published Dec 19, 2025

Use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 146...
Critical | Unreviewed | CVE-2025-14860 was published Dec 18, 2025

AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution...
Critical | Unreviewed | CVE-2025-34433 was published Dec 19, 2025

MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to...
Critical | Unreviewed | CVE-2023-53771 was published Dec 9, 2025

AVideo versions prior to 20.0 with the ImageGallery plugin enabled is vulnerable to...
Critical | Unreviewed | CVE-2025-34434 was published Dec 17, 2025

Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root...
Critical | Unreviewed | CVE-2025-13184 was published Dec 10, 2025

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows...
Critical | Unreviewed | CVE-2023-53950 was published Dec 19, 2025

Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the...
Critical | Unreviewed | CVE-2023-53948 was published Dec 19, 2025

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affects the function...
Critical | Unreviewed | CVE-2025-14964 was published Dec 19, 2025

Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit...
Critical | Unreviewed | CVE-2023-53951 was published Dec 19, 2025

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated...
Critical | Unreviewed | CVE-2025-14733 was published Dec 19, 2025

Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker...
Critical | Unreviewed | CVE-2025-56157 was published Dec 18, 2025

Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could...
Critical | Unreviewed | CVE-2024-49587 was published Dec 19, 2025

InfluxDB through 2.7.10 allows allAccess administrators to retrieve all raw tokens via an "influx...
Critical | Unreviewed | CVE-2024-30896 was published Nov 27, 2024

Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information...
Critical | Unreviewed | CVE-2025-1928 was published Dec 19, 2025

Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that...
Critical | Unreviewed | CVE-2023-53877 was published Dec 15, 2025

Custom Question Answering Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2025-64663 was published Dec 19, 2025

Improper control of generation of code ('code injection') in Azure Container Apps allows an...
Critical | Unreviewed | CVE-2025-65037 was published Dec 19, 2025
ProTip! Advisories are also available from the GraphQL API