GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 25,041
Composer 5,081
Erlang 40
GitHub Actions 38
Go 2,752
Maven 6,172
npm 4,357
NuGet 765
pip 4,121
Pub 12
RubyGems 961
Rust 1,069
Swift 45

Unreviewed advisories

All unreviewed 280,789

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

675 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this... Moderate Unreviewed

CVE-2025-13174 was published Nov 14, 2025

A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This... Moderate Unreviewed

CVE-2025-9805 was published Nov 14, 2025

Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2025-06-02) contains a... Moderate Unreviewed

CVE-2025-52186 was published Nov 13, 2025

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server... Moderate Unreviewed

CVE-2025-12560 was published Nov 6, 2025

The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable... Moderate Unreviewed

CVE-2025-12388 was published Nov 5, 2025

The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery... Moderate Unreviewed

CVE-2025-11917 was published Nov 5, 2025

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization... Moderate Unreviewed

CVE-2025-60319 was published Oct 30, 2025

An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri... Moderate Unreviewed

CVE-2025-60898 was published Oct 29, 2025

IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery (SSRF).... Moderate Unreviewed

CVE-2025-36085 was published Oct 28, 2025

Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates... Moderate Unreviewed

CVE-2025-62988 was published Oct 27, 2025

The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2025-12136 was published Oct 24, 2025

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator... Moderate Unreviewed

CVE-2025-11128 was published Oct 23, 2025

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Blind Server-Side... Moderate Unreviewed

CVE-2025-10705 was published Oct 23, 2025

Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows... Moderate Unreviewed

CVE-2025-49374 was published Oct 22, 2025

Server-Side Request Forgery (SSRF) vulnerability in Icegram Icegram Express Pro email-subscribers... Moderate Unreviewed

CVE-2025-49917 was published Oct 22, 2025

Zimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the configuration of the chat... Moderate Unreviewed

CVE-2025-62763 was published Oct 21, 2025

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side... Moderate Unreviewed

CVE-2025-11536 was published Oct 21, 2025

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for... Moderate Unreviewed

CVE-2025-11361 was published Oct 18, 2025

ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the... Moderate Unreviewed

CVE-2025-34282 was published Oct 17, 2025

A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the... Moderate Unreviewed

CVE-2025-11864 was published Oct 16, 2025

The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all... Moderate Unreviewed

CVE-2025-10056 was published Oct 15, 2025

karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF). Moderate Unreviewed

CVE-2025-60540 was published Oct 14, 2025

SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing... Moderate Unreviewed

CVE-2025-11674 was published Oct 13, 2025

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown... Moderate Unreviewed

CVE-2025-11648 was published Oct 13, 2025

A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035_FW_036. This issue... Moderate Unreviewed

CVE-2025-11636 was published Oct 12, 2025

Previous 12…27 Next

Previous 1 2 3 4 5 … 26 27 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

675 advisories