GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
28,071 advisories
Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote...
  Critical, Unreviewed: CVE-2025-52694 was published Jan 12, 2026
WeKnora has Command Injection in MCP stdio test
  Critical: CVE-2026-22688 was published for github.com/Tencent/WeKnora (Go) Jan 9, 2026
XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService
  Critical: CVE-2025-65091 was published for org.xwiki.contrib:macro-fullcalendar-pom (Maven) Jan 9, 2026
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command...
  Critical, Unreviewed: CVE-2025-69425 was published Jan 9, 2026
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded...
  Critical, Unreviewed: CVE-2025-69426 was published Jan 9, 2026
AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code...
  Critical, Unreviewed: CVE-2020-36875 was published Jan 9, 2026
BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login...
  Critical, Unreviewed: CVE-2025-14598 was published Jan 9, 2026
Vivotek IP7137 camera with firmware version 0200a by default does not require to provide any...
  Critical, Unreviewed: CVE-2025-66050 was published Jan 9, 2026
The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text ...
  Critical, Unreviewed: CVE-2025-7072 was published Jan 9, 2026
This vulnerability allows authenticated attackers to execute commands via the hostname of the...
  Critical, Unreviewed: CVE-2025-64090 was published Jan 9, 2026
Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary...
  Critical, Unreviewed: CVE-2025-64093 was published Jan 9, 2026
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to...
  Critical, Unreviewed: CVE-2025-14741 was published Jan 9, 2026
FASTJSON Includes Functionality from Untrusted Control Sphere
  Critical: CVE-2025-70974 was published for com.alibaba:fastjson (Maven) Jan 9, 2026
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in...
  Critical, Unreviewed: CVE-2025-14736 was published Jan 9, 2026
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session...
  Critical, Unreviewed: CVE-2025-68717 was published Jan 8, 2026
JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user...
  Critical, Unreviewed: CVE-2025-66913 was published Jan 8, 2026
Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows...
  Critical, Unreviewed: CVE-2025-67325 was published Jan 8, 2026
An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple...
  Critical, Unreviewed: CVE-2025-68715 was published Jan 8, 2026
The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job...
  Critical, Unreviewed: CVE-2025-66916 was published Jan 8, 2026
React Router has Path Traversal in File Session Storage
  Critical: CVE-2025-61686 was published for @react-router/node (npm) Jan 8, 2026
OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the ...
  Critical, Unreviewed: CVE-2026-22234 was published Jan 8, 2026
An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it...
  Critical, Unreviewed: CVE-2025-67825 was published Jan 8, 2026
SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12...
  Critical, Unreviewed: CVE-2025-61548 was published Jan 8, 2026
indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/review_action...
  Critical, Unreviewed: CVE-2025-61246 was published Jan 8, 2026
This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the...
  Critical, Unreviewed: CVE-2025-59468 was published Jan 8, 2026
ProTip! Advisories are also available from the GraphQL API