Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,762
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

102,741 advisories

Loading
The Zox News theme for WordPress is vulnerable to unauthorized modification of data that can lead... High Unreviewed
CVE-2024-11936 was published Jan 26, 2025
The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site... High Unreviewed
CVE-2024-11641 was published Jan 26, 2025
Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project... High Unreviewed
CVE-2024-46881 was published Jan 26, 2025
The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to... High Unreviewed
CVE-2024-10574 was published Jan 26, 2025
The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL... High Unreviewed
CVE-2024-10628 was published Jan 26, 2025
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. High Unreviewed
CVE-2022-49043 was published Jan 26, 2025
The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to arbitrary... High Unreviewed
CVE-2024-10633 was published Jan 26, 2025
Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access... High Unreviewed
CVE-2025-24858 was published Jan 26, 2025
Local privilege escalation due to incorrect assignment of privileges of temporary files in the... High Unreviewed
CVE-2025-0542 was published Jan 25, 2025
Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to... High Unreviewed
CVE-2025-0543 was published Jan 25, 2025
IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length... High Unreviewed
CVE-2024-39750 was published Jan 25, 2025
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is... High Unreviewed
CVE-2024-13562 was published Jan 25, 2025
The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object... High Unreviewed
CVE-2024-12600 was published Jan 25, 2025
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass... High Unreviewed
CVE-2025-0411 was published Jan 25, 2025
The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up... High Unreviewed
CVE-2025-0682 was published Jan 25, 2025
A vulnerability was found in Rise Group Rise Mode Temp CPU 2.1. It has been classified as... High Unreviewed
CVE-2025-0707 was published Jan 24, 2025
ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape High
CVE-2025-24359 was published for asteval (pip) Jan 24, 2025
SteakEnthusiast
Updatecli exposes Maven credentials in console output High
CVE-2025-24355 was published for github.com/updatecli/updatecli (Go) Jan 24, 2025
gionn olblak
GitHub PAT written to debug artifacts High
CVE-2025-24362 was published for github/codeql-action (GitHub Actions) Jan 24, 2025
jstawinski
XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher` High
CVE-2024-52807 was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (Maven) Jan 24, 2025
dotasek
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-24728 was published Jan 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in mgplugin Roi Calculator allows Stored XSS.... High Unreviewed
CVE-2025-24756 was published Jan 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Laymance Technologies LLC MachForm Shortcode... High Unreviewed
CVE-2025-24636 was published Jan 24, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-24659 was published Jan 24, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-24663 was published Jan 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database