Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

24,581 advisories

Loading
DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30... Critical Unreviewed
CVE-2024-57971 was published Feb 16, 2025
The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through... Critical Unreviewed
CVE-2025-26793 was published Feb 15, 2025
The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to... Critical Unreviewed
CVE-2024-12562 was published Feb 15, 2025
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-13513 was published Feb 15, 2025
Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially... Critical Unreviewed
CVE-2025-26506 was published Feb 14, 2025
Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy... Critical Unreviewed
CVE-2024-13152 was published Feb 14, 2025
The standard user uses the run as function to start the MEAC applications with administrative... Critical Unreviewed
CVE-2025-0867 was published Feb 14, 2025
Apache Ignite: Possible RCE when deserializing incoming messages by the server node Critical
CVE-2024-52577 was published for org.apache.ignite:ignite-core (Maven) Feb 14, 2025
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Critical Unreviewed
CVE-2025-22630 was published Feb 14, 2025
The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login... Critical Unreviewed
CVE-2025-1283 was published Feb 14, 2025
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB.... Critical Unreviewed
CVE-2023-34399 was published Feb 14, 2025
mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain... Critical Unreviewed
CVE-2025-22896 was published Feb 14, 2025
mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote... Critical Unreviewed
CVE-2025-25067 was published Feb 14, 2025
The administrative web interface of mySCADA myPRO Manager can be accessed without... Critical Unreviewed
CVE-2025-24865 was published Feb 14, 2025
The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged... Critical Unreviewed
CVE-2025-1127 was published Feb 13, 2025
A SQL Injection vulnerability was found in /admin/edit-propertytype.php in PHPGurukul Land Record... Critical Unreviewed
CVE-2025-25388 was published Feb 13, 2025
A SQL Injection vulnerability was found in /admin/forgot-password.php in Phpgurukul Land Record... Critical Unreviewed
CVE-2025-25389 was published Feb 13, 2025
Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an... Critical Unreviewed
CVE-2025-1270 was published Feb 13, 2025
The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all... Critical Unreviewed
CVE-2024-13182 was published Feb 13, 2025
The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and... Critical Unreviewed
CVE-2024-10763 was published Feb 13, 2025
Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote... Critical Unreviewed
CVE-2025-0896 was published Feb 13, 2025
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0... Critical Unreviewed
CVE-2024-7102 was published Feb 13, 2025
An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the... Critical Unreviewed
CVE-2024-57604 was published Feb 13, 2025
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO:... Critical Unreviewed
CVE-2022-31631 was published Feb 13, 2025
Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header Critical
GHSA-c2p2-hgjg-9r3f was published for islandora/crayfish (Composer) Feb 12, 2025
xbow-security
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database