GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,767
Maven: 5,000+
npm: 4,374
NuGet: 770
pip: 4,148
Pub: 12
RubyGems: 963
Rust: 1,070
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
27,892 advisories
Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate...
Critical | Unreviewed | CVE-2025-65041 was published Dec 19, 2025

Weblate is vulnerable to RCE through Git config file overwrite
Critical | CVE-2025-68398 was published for Weblate (pip) Dec 18, 2025

EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated...
Critical | Unreviewed | CVE-2023-53941 was published Dec 18, 2025

File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote...
Critical | Unreviewed | CVE-2023-53942 was published Dec 18, 2025

Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker...
Critical | Unreviewed | CVE-2025-56157 was published Dec 18, 2025

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn...
Critical | Unreviewed | CVE-2025-64236 was published Dec 18, 2025

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in...
Critical | Unreviewed | CVE-2025-63386 was published Dec 18, 2025

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in...
Critical | Unreviewed | CVE-2025-63388 was published Dec 18, 2025

Ollama Platform has missing authentication enabling attackers to perform model management operations
Critical | CVE-2025-63389 was published for github.com/ollama/ollama (Go) Dec 18, 2025

IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2...
Critical | Unreviewed | CVE-2025-0165 was published Dec 18, 2025

In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) due to lack of validation in...
Critical | Unreviewed | CVE-2025-65008 was published Dec 18, 2025

Use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 146...
Critical | Unreviewed | CVE-2025-14860 was published Dec 18, 2025

A flaw in the binding process of Govee’s cloud platform and devices allows a remote attacker to...
Critical | Unreviewed | CVE-2025-10910 was published Dec 18, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters Hotel...
Critical | Unreviewed | CVE-2025-66078 was published Dec 18, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in Cozmoslabs WP Webhooks wp...
Critical | Unreviewed | CVE-2025-66074 was published Dec 18, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in StylemixThemes Motors motors...
Critical | Unreviewed | CVE-2025-64374 was published Dec 18, 2025

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin...
Critical | Unreviewed | CVE-2025-60091 was published Dec 18, 2025

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf...
Critical | Unreviewed | CVE-2025-60090 was published Dec 18, 2025

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot...
Critical | Unreviewed | CVE-2025-60178 was published Dec 18, 2025

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Constant Contact...
Critical | Unreviewed | CVE-2025-60174 was published Dec 18, 2025

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Salesforce gf...
Critical | Unreviewed | CVE-2025-60180 was published Dec 18, 2025

Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection...
Critical | Unreviewed | CVE-2025-64206 was published Dec 18, 2025

Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege...
Critical | Unreviewed | CVE-2025-64188 was published Dec 18, 2025

Deserialization of Untrusted Data vulnerability in BoldThemes Codiqa codiqa allows Object...
Critical | Unreviewed | CVE-2025-64233 was published Dec 18, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in RedefiningTheWeb WordPress...
Critical | Unreviewed | CVE-2025-64231 was published Dec 18, 2025
ProTip! Advisories are also available from the GraphQL API.