GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,757
Maven: 5,000+
npm: 4,363
NuGet: 766
pip: 4,128
Pub: 12
RubyGems: 961
Rust: 1,070
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
306,196 advisories
Expr has Denial of Service via Unbounded Recursion in Builtin Functions
Severity: High. CVE-2025-68156 was published for github.com/expr-lang/expr (Go) on Dec 16, 2025.

@vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint
Severity: High. CVE-2025-68155 was published for @vitejs/plugin-rsc (npm) on Dec 16, 2025.

Hash collision in typelevel jawn
Severity: Moderate. CVE-2022-21653 was published for org.typelevel:jawn-parser_0.25 (Maven) on Jan 6, 2022.

InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler...
Severity: Moderate (Unreviewed). CVE-2025-64012 was published on Dec 16, 2025.

An issue was discovered in Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router on firmware version...
Severity: Moderate (Unreviewed). CVE-2025-65427 was published on Dec 16, 2025.

An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator...
Severity: Moderate (Unreviewed). CVE-2025-46296 was published on Dec 16, 2025.

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused...
Severity: Critical (Unreviewed). CVE-2025-46295 was published on Dec 16, 2025.

To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS...
Severity: Moderate (Unreviewed). CVE-2025-46294 was published on Dec 16, 2025.

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Severity: High (Unreviewed). CVE-2025-68062 was published on Dec 16, 2025.

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Severity: High (Unreviewed). CVE-2025-68068 was published on Dec 16, 2025.

A flaw has been found in code-projects Computer Laboratory System 1.0. This issue affects some...
Severity: Moderate (Unreviewed). CVE-2025-14641 was published on Dec 14, 2025.

A vulnerability has been found in code-projects Computer Laboratory System 1.0. Impacted is an...
Severity: Moderate (Unreviewed). CVE-2025-14642 was published on Dec 14, 2025.

A security flaw has been discovered in code-projects Student File Management System 1.0. This...
Severity: Moderate (Unreviewed). CVE-2025-14646 was published on Dec 14, 2025.

A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This issue affects...
Severity: Moderate (Unreviewed). CVE-2025-14652 was published on Dec 14, 2025.

A vulnerability was identified in Campcodes Supplier Management System 1.0. This issue affects...
Severity: Moderate (Unreviewed). CVE-2025-14664 was published on Dec 14, 2025.

A flaw has been found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown...
Severity: Moderate (Unreviewed). CVE-2025-14650 was published on Dec 14, 2025.

A vulnerability was detected in itsourcecode Student Management System 1.0. Impacted is an...
Severity: Moderate (Unreviewed). CVE-2025-14639 was published on Dec 14, 2025.

Cross-Site Request Forgery (CSRF) vulnerability in freshchat Freshchat freshchat allows Cross...
Severity: Moderate (Unreviewed). CVE-2025-64240 was published on Dec 16, 2025.

Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting...
Severity: Moderate (Unreviewed). CVE-2025-64243 was published on Dec 16, 2025.

Missing Authorization vulnerability in ThemeNectar Salient Core salient-core allows Exploiting...
Severity: Moderate (Unreviewed). CVE-2025-59001 was published on Dec 16, 2025.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Severity: High (Unreviewed). CVE-2025-67950 was published on Dec 16, 2025.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Severity: Moderate (Unreviewed). CVE-2025-67912 was published on Dec 16, 2025.

Missing Authorization vulnerability in favethemes Homey Core homey-core allows Exploiting...
Severity: Moderate (Unreviewed). CVE-2025-67965 was published on Dec 16, 2025.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Severity: High (Unreviewed). CVE-2025-68053 was published on Dec 16, 2025.

Cross-Site Request Forgery (CSRF) vulnerability in Meks Meks Quick Plugin Disabler meks-quick...
Severity: Moderate (Unreviewed). CVE-2025-68083 was published on Dec 16, 2025.
ProTip! Advisories are also available from the GraphQL API.