Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

24,636 advisories

Loading
A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute... Critical Unreviewed
CVE-2025-1135 was published Feb 19, 2025
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary... Critical Unreviewed
CVE-2025-1134 was published Feb 19, 2025
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary... Critical Unreviewed
CVE-2025-1133 was published Feb 19, 2025
A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior... Critical Unreviewed
CVE-2025-1132 was published Feb 19, 2025
Insufficient tracking and releasing of allocated used memory in libx264 git master allows... Critical Unreviewed
CVE-2025-25467 was published Feb 19, 2025
Incorrect Privilege Assignment vulnerability in NotFound K Elements allows Privilege Escalation.... Critical Unreviewed
CVE-2024-56000 was published Feb 18, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in kodeshpa Simplified allows Using... Critical Unreviewed
CVE-2025-22654 was published Feb 18, 2025
AspNetCore Remote Authenticator for CIE3.0 Allows SAML Response Signature Verification Bypass Critical
CVE-2025-24895 was published for CIE.AspNetCore.Authentication (NuGet) Feb 18, 2025
smaury Paupu
fromVeeko
The AspNetCore Remote Authenticator for SPID Allows SAML Response Signature Verification Bypass Critical
CVE-2025-24894 was published for SPID.AspNetCore.Authentication (NuGet) Feb 18, 2025
smaury Paupu
fromVeeko
A time-based SQL injection vulnerability in the login page of BoardRoom Limited Dividend... Critical Unreviewed
CVE-2024-55460 was published Feb 18, 2025
Incorrect Access Control vulnerability in Atos Eviden IDRA before 2.6.1 could allow the... Critical Unreviewed
CVE-2024-39327 was published Feb 18, 2025
The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and... Critical Unreviewed
CVE-2022-41545 was published Feb 18, 2025
A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits... Critical Unreviewed
CVE-2024-57045 was published Feb 18, 2025
A vulnerability in the TP-Link WR840N v6 router with firmware version 0.9.1 4.16 and earlier... Critical Unreviewed
CVE-2024-57050 was published Feb 18, 2025
A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier... Critical Unreviewed
CVE-2024-57049 was published Feb 18, 2025
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary... Critical Unreviewed
CVE-2025-1023 was published Feb 18, 2025
The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-12860 was published Feb 18, 2025
The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all... Critical Unreviewed
CVE-2024-13725 was published Feb 18, 2025
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue... Critical Unreviewed
CVE-2021-46686 was published Feb 18, 2025
Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing... Critical Unreviewed
CVE-2025-1387 was published Feb 17, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-22290 was published Feb 17, 2025
DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30... Critical Unreviewed
CVE-2024-57971 was published Feb 16, 2025
The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through... Critical Unreviewed
CVE-2025-26793 was published Feb 15, 2025
The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to... Critical Unreviewed
CVE-2024-12562 was published Feb 15, 2025
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-13513 was published Feb 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database