GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,698
Maven: 5,000+
npm: 4,325
NuGet: 761
pip: 4,099
Pub: 12
RubyGems: 958
Rust: 1,063
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
10,019 advisories
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in...
Moderate | Unreviewed | CVE-2025-11379 was published Dec 4, 2025

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58,...
Moderate | Unreviewed | CVE-2025-20383 was published Dec 3, 2025

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information...
Moderate | Unreviewed | CVE-2025-12585 was published Dec 3, 2025

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an...
Moderate | Unreviewed | CVE-2025-41014 was published Dec 2, 2025

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an...
Moderate | Unreviewed | CVE-2025-41015 was published Dec 2, 2025

Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated...
Moderate | Unreviewed | CVE-2025-41066 was published Dec 2, 2025

The Zigaform plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up...
Moderate | Unreviewed | CVE-2025-13696 was published Dec 2, 2025

Grav Exposes Password Hashes Leading to privilege escalation
Moderate | CVE-2025-66304 was published for getgrav/grav (Composer) Dec 2, 2025

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there...
Moderate | Unreviewed | CVE-2025-13653 was published Dec 1, 2025

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU...
Moderate | Unreviewed | CVE-2025-2879 was published Dec 1, 2025

NutzBoot vulnerable to information disclosure
Low | CVE-2025-13804 was published for org.nutz:nutzboot-parent (Maven) Dec 1, 2025

A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5...
Moderate | Unreviewed | CVE-2025-13785 was published Nov 30, 2025

Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on...
Moderate | Unreviewed | CVE-2025-13683 was published Nov 28, 2025

Identity authentication bypass vulnerability in the Gallery app. Impact: Successful exploitation...
Moderate | Unreviewed | CVE-2025-58305 was published Nov 28, 2025

Permission control vulnerability in the file management module. Impact: Successful exploitation...
Moderate | Unreviewed | CVE-2025-64312 was published Nov 28, 2025

Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this...
Moderate | Unreviewed | CVE-2025-64311 was published Nov 28, 2025

Mattermost fails to sanitize team email addresses
Moderate | CVE-2025-12559 was published for github.com/mattermost/mattermost-server (Go) Nov 27, 2025

Exposure of email service credentials to users without administrative rights in Devolutions...
Moderate | Unreviewed | CVE-2025-13765 was published Nov 27, 2025

Exposure of credentials in unintended requests in Devolutions Server. This issue affects Server:...
Low | Unreviewed | CVE-2025-13758 was published Nov 27, 2025

In Apache CloudStack, a gap in access control checks affected the APIs - createNetworkACL -...
Moderate | Unreviewed | CVE-2025-59454 was published Nov 27, 2025

The Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all...
Moderate | Unreviewed | CVE-2025-12584 was published Nov 27, 2025

An issue was discovered in file users.json in GroceryMart commit 21934e6 (2020-10-23) allowing...
High | Unreviewed | CVE-2025-65278 was published Nov 26, 2025

An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers...
Critical | Unreviewed | CVE-2025-63729 was published Nov 25, 2025

The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in...
Moderate | Unreviewed | CVE-2025-12525 was published Nov 25, 2025

MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (...
Critical | Unreviewed | CVE-2025-63958 was published Nov 24, 2025