Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

96,216 advisories

Loading
The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and... High Unreviewed
CVE-2024-12314 was published Feb 18, 2025
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version)... High Unreviewed
CVE-2025-25221 was published Feb 18, 2025
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version)... High Unreviewed
CVE-2025-25222 was published Feb 18, 2025
Server-side request forgery (SSRF) vulnerability exists in FileMegane versions above 3.0.0.0... High Unreviewed
CVE-2025-20075 was published Feb 18, 2025
Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions prior to 19.10.0... High Unreviewed
CVE-2025-21103 was published Feb 17, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23840 was published Feb 17, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23845 was published Feb 17, 2025
The Wise Forms WordPress plugin through 1.2.0 does not sanitise and escape some of its settings,... High Unreviewed
CVE-2024-13603 was published Feb 17, 2025
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... High Unreviewed
CVE-2025-0924 was published Feb 17, 2025
Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular... High Unreviewed
CVE-2025-1389 was published Feb 17, 2025
Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote... High Unreviewed
CVE-2025-1388 was published Feb 17, 2025
Out-of-bounds Read vulnerability (CWE-125) was found in CX-Programmer. Attackers may be able to... High Unreviewed
CVE-2025-0591 was published Feb 17, 2025
Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field allows... High Unreviewed
CVE-2025-26768 was published Feb 17, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2024-44044 was published Feb 17, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-22284 was published Feb 17, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-22286 was published Feb 17, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-22680 was published Feb 17, 2025
Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager allows Stored... High Unreviewed
CVE-2025-26759 was published Feb 17, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-26755 was published Feb 17, 2025
A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329.... High Unreviewed
CVE-2025-1340 was published Feb 16, 2025
A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue... High Unreviewed
CVE-2025-1353 was published Feb 16, 2025
The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via... High Unreviewed
CVE-2024-13488 was published Feb 15, 2025
Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 ... High Unreviewed
CVE-2024-5461 was published Feb 15, 2025
Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections. High Unreviewed
CVE-2025-26819 was published Feb 15, 2025
Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22. High Unreviewed
CVE-2024-4282 was published Feb 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database