Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

266,283 advisories

Loading
The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to,... High Unreviewed
CVE-2024-13684 was published Feb 18, 2025
The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and... High Unreviewed
CVE-2024-12314 was published Feb 18, 2025
The Easy MLS Listings Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2024-12525 was published Feb 18, 2025
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-13741 was published Feb 18, 2025
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version)... High Unreviewed
CVE-2025-25222 was published Feb 18, 2025
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-13740 was published Feb 18, 2025
The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during... Moderate Unreviewed
CVE-2025-1390 was published Feb 18, 2025
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version)... Moderate Unreviewed
CVE-2025-25223 was published Feb 18, 2025
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version)... Moderate Unreviewed
CVE-2025-25224 was published Feb 18, 2025
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version)... High Unreviewed
CVE-2025-25221 was published Feb 18, 2025
Authentication bypass by spoofing issue exists in FileMegane versions above 1.0.0.0 prior to 3.4... Moderate Unreviewed
CVE-2025-25055 was published Feb 18, 2025
Server-side request forgery (SSRF) vulnerability exists in FileMegane versions above 3.0.0.0... High Unreviewed
CVE-2025-20075 was published Feb 18, 2025
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue... Critical Unreviewed
CVE-2021-46686 was published Feb 18, 2025
RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a... Moderate Unreviewed
CVE-2024-25066 was published Feb 17, 2025
Rejected reason: Was determined not a vulnerability. Unknown Unreviewed
CVE-2021-30369 was published Feb 17, 2025
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support... Critical Unreviewed
CVE-2024-12356 was published Dec 17, 2024
The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up... Moderate Unreviewed
CVE-2024-13879 was published Feb 17, 2025
A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected... Moderate Unreviewed
CVE-2025-1392 was published Feb 17, 2025
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This... Critical Unreviewed
CVE-2024-7591 was published Sep 5, 2024
A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of... Moderate Unreviewed
CVE-2025-1391 was published Feb 17, 2025
Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions prior to 19.10.0... High Unreviewed
CVE-2025-21103 was published Feb 17, 2025
In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the... Unknown Unreviewed
CVE-2025-21687 was published Feb 10, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-26775 was published Feb 17, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23840 was published Feb 17, 2025
The vulnerability existed in the password storage of Mobateks MobaXterm below 25.0. MobaXTerm... Moderate Unreviewed
CVE-2025-0714 was published Feb 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database