Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,745 advisories

Loading
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an... High Unreviewed
CVE-2025-33184 was published Nov 18, 2025
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an... High Unreviewed
CVE-2025-33183 was published Nov 18, 2025
The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is... Moderate Unreviewed
CVE-2025-7711 was published Nov 18, 2025
pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode Critical
CVE-2025-12762 was published for pgadmin4 (pip) Nov 13, 2025
jonbally
Credited to jonbally
The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is... High Unreviewed
CVE-2025-12733 was published Nov 13, 2025
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of... Moderate Unreviewed
CVE-2024-48829 was published Nov 12, 2025
OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed High
CVE-2025-64099 was published for org.openidentityplatform.openam:openam-oauth2 (Maven) Nov 12, 2025
Jean-Eudes
Credited to Jean-Eudes
NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component... High Unreviewed
CVE-2025-33178 was published Nov 11, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious... High Unreviewed
CVE-2025-23361 was published Nov 11, 2025
NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data... High Unreviewed
CVE-2025-23357 was published Nov 11, 2025
The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in... Critical Unreviewed
CVE-2025-12813 was published Nov 11, 2025
The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a... High Unreviewed
CVE-2025-12637 was published Nov 11, 2025
Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a... Moderate Unreviewed
CVE-2025-42895 was published Nov 11, 2025
Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert... Critical Unreviewed
CVE-2025-42887 was published Nov 11, 2025
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-9334 was published Nov 8, 2025
Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a... Critical Unreviewed
CVE-2020-36870 was published Nov 8, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy... Critical Unreviewed
CVE-2025-49372 was published Nov 6, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in acowebs Dynamic... Critical Unreviewed
CVE-2025-47588 was published Nov 6, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget... Critical Unreviewed
CVE-2025-32222 was published Nov 6, 2025
An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient... High Unreviewed
CVE-2025-11093 was published Nov 5, 2025
expr-eval does not restrict functions passed to the evaluate function High
CVE-2025-12735 was published for expr-eval (npm) Nov 5, 2025
sei-vsarvepalli
Credited to sei-vsarvepalli
A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54... High Unreviewed
CVE-2025-60785 was published Nov 3, 2025
The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and... High Unreviewed
CVE-2025-6990 was published Nov 1, 2025
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code... High Unreviewed
CVE-2025-10487 was published Nov 1, 2025
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated... High Unreviewed
CVE-2025-48984 was published Oct 31, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database