Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,767
Maven
5,000+
npm
4,374
NuGet
770
pip
4,148
Pub
12
RubyGems
963
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,892 advisories

Loading
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote... Critical Unreviewed
CVE-2025-13773 was published Dec 24, 2025
IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2025-14500 was published Dec 24, 2025
Improper input handling in /Grocery/search_products_itname.php inPuneethReddyHC event-management... Critical Unreviewed
CVE-2025-65354 was published Dec 23, 2025
PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php... Critical Unreviewed
CVE-2023-53982 was published Dec 23, 2025
Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code... Critical Unreviewed
CVE-2025-14931 was published Dec 23, 2025
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs Critical
CVE-2025-68664 was published for langchain-core (pip) Dec 23, 2025
0xn3va yardenporat353
VladimirEliTokarev eyurtsev ccurme mdrxy hntrl
Credited to 0xn3va, yardenporat353, VladimirEliTokarev, eyurtsev, ccurme, mdrxy, and hntrl
Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows... Critical Unreviewed
CVE-2025-67109 was published Dec 23, 2025
NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded... Critical Unreviewed
CVE-2025-33222 was published Dec 23, 2025
NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with... Critical Unreviewed
CVE-2025-33224 was published Dec 23, 2025
eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation,... Critical Unreviewed
CVE-2025-67108 was published Dec 23, 2025
NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with... Critical Unreviewed
CVE-2025-33223 was published Dec 23, 2025
linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus. Critical Unreviewed
CVE-2025-29229 was published Dec 23, 2025
Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via... Critical Unreviewed
CVE-2025-29228 was published Dec 23, 2025
SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute... Critical Unreviewed
CVE-2024-57521 was published Dec 23, 2025
Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2025-50526 was published Dec 23, 2025
The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null... Critical Unreviewed
CVE-2025-14388 was published Dec 23, 2025
Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8... Critical Unreviewed
CVE-2025-65856 was published Dec 23, 2025
SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index... Critical Unreviewed
CVE-2023-53960 was published Dec 23, 2025
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability... Critical Unreviewed
CVE-2023-53955 was published Dec 23, 2025
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability... Critical Unreviewed
CVE-2023-53963 was published Dec 23, 2025
Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows... Critical Unreviewed
CVE-2023-53967 was published Dec 23, 2025
SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows... Critical Unreviewed
CVE-2023-53966 was published Dec 23, 2025
Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows... Critical Unreviewed
CVE-2023-53969 was published Dec 23, 2025
WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that... Critical Unreviewed
CVE-2023-53972 was published Dec 23, 2025
Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows... Critical Unreviewed
CVE-2023-53968 was published Dec 23, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database