Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,141 advisories

Loading
The The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution... High Unreviewed
CVE-2025-1509 was published Feb 22, 2025
The The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode... High Unreviewed
CVE-2025-1510 was published Feb 22, 2025
A vulnerability in the SecureROM of some Apple devices can be exploited by an unauthenticated... Moderate Unreviewed
CVE-2019-8900 was published Feb 22, 2025
There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the... Moderate Unreviewed
CVE-2025-25507 was published Feb 21, 2025
The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in... Moderate Unreviewed
CVE-2024-13900 was published Feb 21, 2025
Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand... Critical Unreviewed
CVE-2025-25675 was published Feb 21, 2025
A remote code execution (RCE) vulnerability in the ZScript function of ZDoom Team GZDoom v4.13.1... Critical Unreviewed
CVE-2024-54756 was published Feb 21, 2025
PHPJabbers Shared Asset Booking System v1.0 is vulnerable to CSV Injection vulnerability which... Moderate Unreviewed
CVE-2023-51324 was published Feb 20, 2025
PHPJabbers Night Club Booking Software v1.0 is vulnerable to CSV Injection vulnerability which... Moderate Unreviewed
CVE-2023-51320 was published Feb 20, 2025
PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which... Moderate Unreviewed
CVE-2023-51331 was published Feb 20, 2025
IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local... High Unreviewed
CVE-2025-0161 was published Feb 20, 2025
PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name,... Moderate Unreviewed
CVE-2023-51317 was published Feb 20, 2025
PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which... High Unreviewed
CVE-2023-51313 was published Feb 20, 2025
SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to... Critical Unreviewed
CVE-2024-57401 was published Feb 20, 2025
The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-13792 was published Feb 20, 2025
Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote... Moderate Unreviewed
CVE-2025-27218 was published Feb 20, 2025
Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary... High Unreviewed
CVE-2025-25944 was published Feb 20, 2025
Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary... High Unreviewed
CVE-2025-25943 was published Feb 20, 2025
Insufficient tracking and releasing of allocated used memory in libx264 git master allows... Critical Unreviewed
CVE-2025-25467 was published Feb 19, 2025
The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all... Moderate Unreviewed
CVE-2024-13689 was published Feb 18, 2025
The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to... High Unreviewed
CVE-2024-13797 was published Feb 18, 2025
JSONPath Plus allows Remote Code Execution High
CVE-2025-1302 was published for jsonpath-plus (npm) Feb 15, 2025
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to... High Unreviewed
CVE-2024-13346 was published Feb 13, 2025
The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all... High Unreviewed
CVE-2024-13345 was published Feb 13, 2025
Remote code execution in alextselegidis/easyappointments Moderate
CVE-2024-57601 was published for alextselegidis/easyappointments (Composer) Feb 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database