GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,876
Erlang: 37
GitHub Actions: 37
Go: 2,526
Maven: 5,000+
npm: 4,189
NuGet: 742
pip: 3,968
Pub: 12
RubyGems: 947
Rust: 1,030
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
295,360 advisories
Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to...
Moderate | Unreviewed | CVE-2025-3193 was published Sep 27, 2025

A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this issue is some...
Moderate | Unreviewed | CVE-2025-11049 was published Sep 27, 2025

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is...
High | Unreviewed | CVE-2025-9816 was published Sep 27, 2025

Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper...
Moderate | Unreviewed | CVE-2025-10954 was published Sep 27, 2025

A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file...
Moderate | Unreviewed | CVE-2025-11050 was published Sep 27, 2025

WSO2 carbon-apimgt affected by an authenticated stored cross-site scripting (XSS) vulnerability
Moderate | CVE-2025-4760 was published for org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.api (Maven) Sep 23, 2025

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable...
Moderate | Unreviewed | CVE-2025-10498 was published Sep 27, 2025

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable...
Moderate | Unreviewed | CVE-2025-10499 was published Sep 27, 2025

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site request forgery...
Moderate | Unreviewed | CVE-2024-43192 was published Sep 27, 2025

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site scripting. This...
Moderate | Unreviewed | CVE-2025-36239 was published Sep 27, 2025

The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the first...
Moderate | Unreviewed | CVE-2025-8440 was published Sep 27, 2025

IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could...
Low | Unreviewed | CVE-2025-36144 was published Sep 27, 2025

WSO2 Identity Server Apps allows content spoofing in logs
Moderate | CVE-2024-6429 was published for org.wso2.identity.apps:authentication-portal (Maven) Sep 23, 2025

Liferay Portal and DXP does not properly expire sessions
Moderate | CVE-2025-43819 was published for com.liferay:com.liferay.saml.impl (Maven) Sep 24, 2025

Code injection in Apache Ant
High | CVE-2020-11979 was published for org.apache.ant:ant (Maven) Feb 3, 2021

Apache IoTDB: Deserialization of untrusted Data
Critical | CVE-2025-48459 was published for org.apache.iotdb:iotdb-confignode (Maven) Sep 24, 2025

A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application...
Critical | Unreviewed | CVE-2024-36266 was published Jun 11, 2024

A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function...
Moderate | Unreviewed | CVE-2025-11047 was published Sep 27, 2025

A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this...
Moderate | Unreviewed | CVE-2025-11048 was published Sep 27, 2025

Prototype Pollution in @hapi/subtext
High | GHSA-g9cg-h3jm-cwrc was published for @hapi/pez (npm) Sep 3, 2020

node-static and @nubosoftware/node-static vulnerable to Directory Traversal
High | CVE-2023-26111 was published for @nubosoftware/node-static (npm) Mar 6, 2023

files-bucket-server vulnerable to Directory Traversal
High | CVE-2025-8021 was published for files-bucket-server (npm) Jul 23, 2025

m.static Directory Traversal vulnerability
High | CVE-2023-26126 was published for m.static (npm) May 10, 2023

Python-Future Module Arbitrary Code Execution via Unintended Import of test.py
High | CVE-2025-50817 was published for future (pip) Aug 14, 2025
ProTip! Advisories are also available from the GraphQL API