GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,638
Erlang: 34
GitHub Actions: 26
Go: 2,249
Maven: 5,000+
npm: 3,903
NuGet: 702
pip: 3,671
Pub: 12
RubyGems: 915
Rust: 943
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+

25,350 advisories

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a...
Critical, Unreviewed. CVE-2025-29660 was published on Apr 21, 2025.

Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function...
Critical, Unreviewed. CVE-2025-29659 was published on Apr 21, 2025.

MCMS allows arbitrary file uploads in the ueditor component
Critical. CVE-2025-29287 was published for net.mingsoft:ms-mcms (Maven) on Apr 21, 2025.

Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW)...
Critical, Unreviewed. CVE-2025-0632 was published on Apr 21, 2025.

The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file...
Critical, Unreviewed. CVE-2021-4455 was published on Apr 19, 2025.

The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type...
Critical, Unreviewed. CVE-2025-1093 was published on Apr 19, 2025.

The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up...
Critical, Unreviewed. CVE-2025-3278 was published on Apr 19, 2025.

An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade...
Critical, Unreviewed. CVE-2025-29058 was published on Apr 18, 2025.

An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a...
Critical, Unreviewed. CVE-2024-53591 was published on Apr 18, 2025.

Traefik affected by Go HTTP Request Smuggling Vulnerability
Critical. GHSA-5423-jcjm-2gpv was published for github.com/traefik/traefik/v2 (Go) on Apr 18, 2025.

An improper authentication control vulnerability exists in AiCloud. This vulnerability can be...
Critical, Unreviewed. CVE-2025-2492 was published on Apr 18, 2025.

Insecure default settings have been found in recorder products provided by Yokogawa Electric...
Critical, Unreviewed. CVE-2025-1863 was published on Apr 18, 2025.

Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow...
Critical, Unreviewed. CVE-2025-42599 was published on Apr 18, 2025.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, Unreviewed. CVE-2025-39471 was published on Apr 18, 2025.

PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
Critical. CVE-2025-32434 was published for torch (pip) on Apr 18, 2025.

A SQL Injection vulnerability exists in the `u` parameter of the progress-body-weight.php...
Critical, Unreviewed. CVE-2025-28009 was published on Apr 17, 2025.

A RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated...
Critical, Unreviewed. CVE-2025-29662 was published on Apr 17, 2025.

Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This...
Critical, Unreviewed. CVE-2025-39596 was published on Apr 17, 2025.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, Unreviewed. CVE-2025-39587 was published on Apr 17, 2025.

Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons...
Critical, Unreviewed. CVE-2025-39588 was published on Apr 17, 2025.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, Unreviewed. CVE-2025-39595 was published on Apr 17, 2025.

Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards allows Object...
Critical, Unreviewed. CVE-2025-39551 was published on Apr 17, 2025.

Deserialization of Untrusted Data vulnerability in Shahjahan Jewel FluentCommunity allows Object...
Critical, Unreviewed. CVE-2025-39550 was published on Apr 17, 2025.

Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw allows Using...
Critical, Unreviewed. CVE-2025-39436 was published on Apr 17, 2025.

Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG Lite allows...
Critical, Unreviewed. CVE-2025-32682 was published on Apr 17, 2025.