GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,359
Erlang: 33
GitHub Actions: 22
Go: 2,124
Maven: 5,000+
npm: 3,787
NuGet: 683
pip: 3,467
Pub: 12
RubyGems: 894
Rust: 892
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
103,516 advisories
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free...
High | Unreviewed | CVE-2025-26363 was published Feb 12, 2025

A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-Free MaxTime less than or...
High | Unreviewed | CVE-2025-26349 was published Feb 12, 2025

A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than...
High | Unreviewed | CVE-2025-26343 was published Feb 12, 2025

A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or...
High | Unreviewed | CVE-2025-26340 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free...
High | Unreviewed | CVE-2025-26366 was published Feb 12, 2025

A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows...
High | Unreviewed | CVE-2025-1244 was published Feb 12, 2025

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less...
High | Unreviewed | CVE-2025-26371 was published Feb 12, 2025

An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17...
High | Unreviewed | CVE-2025-0376 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free...
High | Unreviewed | CVE-2025-26364 was published Feb 12, 2025

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less...
High | Unreviewed | CVE-2025-26368 was published Feb 12, 2025

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less...
High | Unreviewed | CVE-2025-26370 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free...
High | Unreviewed | CVE-2025-26362 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free...
High | Unreviewed | CVE-2025-26365 was published Feb 12, 2025

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free...
High | Unreviewed | CVE-2025-26356 was published Feb 12, 2025

Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1...
High | Unreviewed | CVE-2025-20890 was published Feb 4, 2025

Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025...
High | Unreviewed | CVE-2025-20888 was published Feb 4, 2025

The LTL Freight Quotes – XPO Edition plugin for WordPress is vulnerable to SQL Injection via the ...
High | Unreviewed | CVE-2024-13490 was published Feb 12, 2025

The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
High | Unreviewed | CVE-2025-0511 was published Feb 12, 2025

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2024-13528 was published Feb 12, 2025

The LTL Freight Quotes – For Customers of FedEx Freight plugin for WordPress is vulnerable to SQL...
High | Unreviewed | CVE-2024-13480 was published Feb 12, 2025

The Small Package Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection...
High | Unreviewed | CVE-2024-13532 was published Feb 12, 2025

The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
High | Unreviewed | CVE-2024-12386 was published Feb 12, 2025

The LTL Freight Quotes – Unishippers Edition plugin for WordPress is vulnerable to SQL Injection...
High | Unreviewed | CVE-2024-13477 was published Feb 12, 2025

The ShipEngine Shipping Quotes plugin for WordPress is vulnerable to SQL Injection via the ...
High | Unreviewed | CVE-2024-13531 was published Feb 12, 2025

The LTL Freight Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL...
High | Unreviewed | CVE-2024-13473 was published Feb 12, 2025

ProTip! Advisories are also available from the GraphQL API.