Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

7,127 advisories

Loading
The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-11691 was published Oct 18, 2025
The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in... High Unreviewed
CVE-2025-11177 was published Oct 15, 2025
The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all... High Unreviewed
CVE-2025-10743 was published Oct 15, 2025
The Dynamically Display Posts plugin for WordPress is vulnerable to SQL Injection via the ... High Unreviewed
CVE-2025-11501 was published Oct 15, 2025
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft... High Unreviewed
CVE-2025-59213 was published Oct 14, 2025
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications... High Unreviewed
CVE-2025-40755 was published Oct 14, 2025
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce... High Unreviewed
CVE-2025-10862 was published Oct 9, 2025
ProjectWorlds Gym Management System1.0 is vulnerable to SQL Injection via the "id" parameter in... High Unreviewed
CVE-2025-60311 was published Oct 8, 2025
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login... High Unreviewed
CVE-2025-11204 was published Oct 8, 2025
A SQL Injection vulnerability was discovered in the Alert functionality due to improper... High Unreviewed
CVE-2025-40886 was published Oct 7, 2025
The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter... High Unreviewed
CVE-2025-10692 was published Oct 3, 2025
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker... High Unreviewed
CVE-2025-53595 was published Oct 3, 2025
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker... High Unreviewed
CVE-2025-54153 was published Oct 3, 2025
The Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin for... High Unreviewed
CVE-2025-9200 was published Oct 3, 2025
The WP Dispatcher plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in... High Unreviewed
CVE-2025-10582 was published Oct 3, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-0616 was published Oct 3, 2025
Django vulnerable to SQL injection in column aliases High
CVE-2025-59681 was published for django (pip) Oct 1, 2025
In Frappe ERPNext 15.57.5, the function get_material_requests_based_on_supplier() at erpnext... High Unreviewed
CVE-2025-52039 was published Oct 1, 2025
In Frappe ERPNext 15.57.5, the function get_rfq_containing_supplier() at erpnext/buying/doctype... High Unreviewed
CVE-2025-52042 was published Oct 1, 2025
In Frappe ERPNext 15.57.5, the function get_stock_balance_for() at erpnext/stock/doctype... High Unreviewed
CVE-2025-52041 was published Oct 1, 2025
The AffiliateWP plugin for WordPress is vulnerable to SQL Injection via the... High Unreviewed
CVE-2025-8877 was published Sep 30, 2025
Improper neutralization of input provided by an authorized user in article positioning... High Unreviewed
CVE-2025-8121 was published Sep 30, 2025
Improper neutralization of input provided by an authorized user in article positioning... High Unreviewed
CVE-2025-8122 was published Sep 30, 2025
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an... High Unreviewed
CVE-2025-6724 was published Sep 29, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-60108 was published Sep 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database