Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,411
Erlang
33
GitHub Actions
22
Go
2,146
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
899
Swift
38
Unreviewed advisories
All unreviewed
5,000+

124,418 advisories

Loading
Seacms <=13.3 is vulnerable to SQL Injection in admin_collect_news.php. Moderate Unreviewed
CVE-2025-25514 was published Feb 26, 2025
Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a... Moderate Unreviewed
CVE-2024-27245 was published Feb 25, 2025
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a... Moderate Unreviewed
CVE-2024-27246 was published Feb 25, 2025
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a... Moderate Unreviewed
CVE-2024-27239 was published Feb 25, 2025
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct... Moderate Unreviewed
CVE-2024-45426 was published Feb 25, 2025
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an... Moderate Unreviewed
CVE-2024-45418 was published Feb 25, 2025
Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an... Moderate Unreviewed
CVE-2024-45425 was published Feb 25, 2025
Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a... Moderate Unreviewed
CVE-2024-45424 was published Feb 25, 2025
Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6... Moderate Unreviewed
CVE-2024-45417 was published Feb 25, 2025
Navidrome allows an authentication bypass in Subsonic API with non-existent username Moderate
CVE-2025-27112 was published for github.com/navidrome/navidrome (Go) Feb 25, 2025
daniele-athome
Missing Authorization vulnerability in WP Chill Strong Testimonials allows Accessing... Moderate Unreviewed
CVE-2025-26975 was published Feb 25, 2025
Missing Authorization vulnerability in George Pattichis Simple Photo Feed allows Exploiting... Moderate Unreviewed
CVE-2025-27000 was published Feb 25, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-26980 was published Feb 25, 2025
Missing Authorization vulnerability in Anton Vanyukov Market Exporter allows Exploiting... Moderate Unreviewed
CVE-2025-26995 was published Feb 25, 2025
Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows... Moderate Unreviewed
CVE-2025-26983 was published Feb 25, 2025
Cross-Site Request Forgery (CSRF) vulnerability in flowdee ClickWhale allows Cross Site Request... Moderate Unreviewed
CVE-2025-26963 was published Feb 25, 2025
Authorization Bypass Through User-Controlled Key vulnerability in ameliabooking Amelia allows... Moderate Unreviewed
CVE-2025-26965 was published Feb 25, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-26952 was published Feb 25, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-26962 was published Feb 25, 2025
Missing Authorization vulnerability in enituretechnology Small Package Quotes – Unishippers... Moderate Unreviewed
CVE-2025-26960 was published Feb 25, 2025
Missing Authorization vulnerability in xfinitysoft Order Limit for WooCommerce allows Exploiting... Moderate Unreviewed
CVE-2025-26928 was published Feb 25, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-26937 was published Feb 25, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-26913 was published Feb 25, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-26939 was published Feb 25, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-26949 was published Feb 25, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database