Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

126,194 advisories

Loading
Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing... High Unreviewed
CVE-2025-15015 was published Dec 22, 2025
A security vulnerability has been detected in Tenda WH450 1.0.0.18. Affected by this issue is... High Unreviewed
CVE-2025-15007 was published Dec 22, 2025
A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an... High Unreviewed
CVE-2025-15006 was published Dec 22, 2025
A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of... High Unreviewed
CVE-2025-14995 was published Dec 21, 2025
A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the... High Unreviewed
CVE-2025-14994 was published Dec 21, 2025
The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form... High Unreviewed
CVE-2025-14855 was published Dec 21, 2025
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads... High Unreviewed
CVE-2025-14800 was published Dec 21, 2025
A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the... High Unreviewed
CVE-2025-14993 was published Dec 21, 2025
A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the... High Unreviewed
CVE-2025-14992 was published Dec 21, 2025
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-9343 was published Dec 21, 2025
Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL... High Unreviewed
CVE-2025-68644 was published Dec 21, 2025
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is... High Unreviewed
CVE-2025-12980 was published Dec 21, 2025
The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP... High Unreviewed
CVE-2025-14071 was published Dec 21, 2025
Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting... High Unreviewed
CVE-2023-25446 was published Dec 21, 2025
Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege... High Unreviewed
CVE-2025-34290 was published Dec 20, 2025
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized... High Unreviewed
CVE-2025-7782 was published Dec 20, 2025
The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can... High Unreviewed
CVE-2025-14299 was published Dec 20, 2025
A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An... High Unreviewed
CVE-2025-8065 was published Dec 20, 2025
The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An... High Unreviewed
CVE-2025-14300 was published Dec 20, 2025
External Control of File Name or Path in Langflow High
CVE-2025-68478 was published for langflow (pip) Dec 19, 2025
J1vvoo Credited to J1vvoo and im-soohyun im-soohyun im-soohyun
Langflow vulnerable to Server-Side Request Forgery High
CVE-2025-68477 was published for langflow (pip) Dec 19, 2025
im-soohyun Credited to im-soohyun
OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local... High Unreviewed
CVE-2023-53947 was published Dec 19, 2025
Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated... High Unreviewed
CVE-2023-53952 was published Dec 19, 2025
Kimai contains a SameSite cookie vulnerability High
CVE-2023-53957 was published for kimai/kimai (Composer) Dec 19, 2025
Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative... High Unreviewed
CVE-2023-53956 was published Dec 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database