GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,652
Erlang: 34
GitHub Actions: 26
Go: 2,257
Maven: 5,000+
npm: 3,909
NuGet: 704
pip: 3,680
Pub: 12
RubyGems: 915
Rust: 943
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
253,100 advisories
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross...
Moderate
Unreviewed
CVE-2024-12597
was published
Feb 4, 2025
There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD...
High
Unreviewed
CVE-2024-10237
was published
Feb 4, 2025
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-13607
was published
Feb 4, 2025
The TransFinanz WordPress plugin through 1.0.0 does not sanitise and escape a parameter before...
Moderate
Unreviewed
CVE-2024-13332
was published
Feb 4, 2025
The Solidres WordPress plugin through 0.9.4 does not sanitise and escape a parameter before...
High
Unreviewed
CVE-2024-13329
was published
Feb 4, 2025
The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a...
Moderate
Unreviewed
CVE-2025-0368
was published
Feb 4, 2025
The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some of its REST API routes...
Moderate
Unreviewed
CVE-2025-0466
was published
Feb 4, 2025
The Musicbox WordPress plugin through 2.0.3 does not sanitise and escape a parameter before...
Moderate
Unreviewed
CVE-2024-13327
was published
Feb 4, 2025
The Giga Messenger WordPress plugin through 2.3.1 does not sanitise and escape a parameter...
Moderate
Unreviewed
CVE-2024-13328
was published
Feb 4, 2025
The JustRows free WordPress plugin through 0.2 does not sanitise and escape a parameter before...
High
Unreviewed
CVE-2024-13330
was published
Feb 4, 2025
The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitise and escape a parameter...
Moderate
Unreviewed
CVE-2024-13331
was published
Feb 4, 2025
The iBuildApp WordPress plugin through 0.2.0 does not sanitise and escape a parameter before...
Moderate
Unreviewed
CVE-2024-13326
was published
Feb 4, 2025
The Glossy WordPress plugin through 2.3.5 does not sanitise and escape a parameter before...
Moderate
Unreviewed
CVE-2024-13325
was published
Feb 4, 2025
Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2...
Moderate
Unreviewed
CVE-2025-24982
was published
Feb 4, 2025
The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have...
Moderate
Unreviewed
CVE-2024-13115
was published
Feb 4, 2025
The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise...
Moderate
Unreviewed
CVE-2024-13114
was published
Feb 4, 2025
Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of...
Low
Unreviewed
CVE-2025-22475
was published
Feb 4, 2025
A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for...
High
Unreviewed
CVE-2025-1003
was published
Feb 4, 2025
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to...
Critical
Unreviewed
CVE-2024-57968
was published
Feb 3, 2025
A Cross-Site Request Forgery (CSRF) in Geovision GV-ASWeb with the version 6.1.1.0 or less allows...
High
Unreviewed
CVE-2024-56903
was published
Feb 3, 2025
eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module.
Critical
Unreviewed
CVE-2025-22978
was published
Feb 3, 2025
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows...
Moderate
Unreviewed
CVE-2025-25181
was published
Feb 3, 2025
access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows arbitrary file read. NOTE:...
Moderate
Unreviewed
CVE-2023-52164
was published
Feb 3, 2025
Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This...
Moderate
Unreviewed
CVE-2023-52163
was published
Feb 3, 2025
Polycom RealPresence Group 500 <=20 has Insecure Permissions due to automatically loaded cookies....
High
Unreviewed
CVE-2025-22918
was published
Feb 3, 2025
ProTip! Advisories are also available from the GraphQL API.