GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,652
Erlang
34
GitHub Actions
26
Go
2,257
Maven
5,000+
npm
3,909
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
118,965 advisories
WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via...
Moderate
Unreviewed
CVE-2023-2745 was published Jul 6, 2023
PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the...
Moderate
Unreviewed
CVE-2022-45480 was published Dec 2, 2022
In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and...
Moderate
Unreviewed
CVE-2022-38801 was published Nov 30, 2022
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave,...
Moderate
Unreviewed
CVE-2022-38803 was published Nov 30, 2022
g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to...
Moderate
Unreviewed
CVE-2022-46338 was published Nov 30, 2022
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign,...
Moderate
Unreviewed
CVE-2022-38802 was published Nov 30, 2022
Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed...
Moderate
Unreviewed
CVE-2022-44759 was published Apr 24, 2025
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in...
Moderate
Unreviewed
CVE-2022-44760 was published Apr 24, 2025
There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an...
Moderate
Unreviewed
CVE-2025-3512 was published Apr 11, 2025
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to...
Moderate
Unreviewed
CVE-2023-41425 was published Nov 14, 2023
In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading...
Moderate
Unreviewed
CVE-2025-43928 was published Apr 20, 2025
TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via...
Moderate
Unreviewed
CVE-2025-28017 was published Apr 23, 2025
A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System...
Moderate
Unreviewed
CVE-2025-29568 was published Apr 24, 2025
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in ...
Moderate
Unreviewed
CVE-2025-44135 was published Apr 24, 2025
A vulnerability was found in Code-Projects Online Class and Exam Scheduling System 1.0 in the...
Moderate
Unreviewed
CVE-2025-44134 was published Apr 24, 2025
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net:...
Moderate
Unreviewed
CVE-2022-46391 was published Dec 4, 2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46533 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46534 was published Apr 24, 2025
Server-Side Request Forgery (SSRF) vulnerability in josheli Simple Google Photos Grid allows...
Moderate
Unreviewed
CVE-2025-46503 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46517 was published Apr 24, 2025
Server-Side Request Forgery (SSRF) vulnerability in Ankur Vishwakarma WP AVCL Automation Helper ...
Moderate
Unreviewed
CVE-2025-46531 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46521 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46529 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46532 was published Apr 24, 2025
Server-Side Request Forgery (SSRF) vulnerability in Derek Springer BeerXML Shortcode allows...
Moderate
Unreviewed
CVE-2025-46511 was published Apr 24, 2025
ProTip! Advisories are also available from the GraphQL API