GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,655
Maven: 5,000+
npm: 4,284
NuGet: 760
pip: 4,068
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
277,540 advisories
The Live sales notification for WooCommerce plugin for WordPress is vulnerable to Missing...
High
Unreviewed
CVE-2025-12955
was published
Nov 18, 2025
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2025-13196
was published
Nov 18, 2025
Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source...
High
Unreviewed
CVE-2025-41737
was published
Nov 18, 2025
The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions...
Moderate
Unreviewed
CVE-2025-13133
was published
Nov 18, 2025
The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload...
High
Unreviewed
CVE-2025-13069
was published
Nov 18, 2025
Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows...
Critical
Unreviewed
CVE-2025-41346
was published
Nov 18, 2025
The Checkout Files Upload for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site...
High
Unreviewed
CVE-2025-4212
was published
Nov 18, 2025
A low privileged remote attacker can upload any file to an arbitrary location due to missing file...
High
Unreviewed
CVE-2025-41735
was published
Nov 18, 2025
Stored Cross-site Scripting (XSS) vulnerability type in WinPlus v24.11.27 by Informática del Este...
Moderate
Unreviewed
CVE-2025-41349
was published
Nov 18, 2025
A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple WSO2 products due to the use...
High
Unreviewed
CVE-2025-6670
was published
Nov 18, 2025
An unauthenticated remote attacker can execute arbitrary php files and gain full access of the...
Critical
Unreviewed
CVE-2025-41734
was published
Nov 18, 2025
A security vulnerability has been detected in SourceCodester Train Station Ticketing System 1.0....
Moderate
Unreviewed
CVE-2025-13345
was published
Nov 18, 2025
Stored Cross-site Scripting (XSS) vulnerability type in WinPlus v24.11.27 by Informática del Este...
Moderate
Unreviewed
CVE-2025-41350
was published
Nov 18, 2025
The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPress is vulnerable...
Moderate
Unreviewed
CVE-2025-12691
was published
Nov 18, 2025
The wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions plugin for WordPress is...
Moderate
Unreviewed
CVE-2025-12639
was published
Nov 18, 2025
SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability...
High
Unreviewed
CVE-2025-41348
was published
Nov 18, 2025
A weakness has been identified in SourceCodester Train Station Ticketing System 1.0. Affected by...
Moderate
Unreviewed
CVE-2025-13344
was published
Nov 18, 2025
A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected...
Moderate
Unreviewed
CVE-2025-13343
was published
Nov 18, 2025
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting...
Moderate
Unreviewed
CVE-2025-12079
was published
Nov 18, 2025
The Meta Display Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate
Unreviewed
CVE-2025-12088
was published
Nov 18, 2025
The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthorized modification...
Moderate
Unreviewed
CVE-2025-12391
was published
Nov 18, 2025
The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for...
Moderate
Unreviewed
CVE-2025-11734
was published
Nov 18, 2025
A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with...
Critical
Unreviewed
CVE-2025-40547
was published
Nov 18, 2025
The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate
Unreviewed
CVE-2025-9625
was published
Nov 18, 2025
The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all...
Moderate
Unreviewed
CVE-2025-12962
was published
Nov 18, 2025
ProTip! Advisories are also available from the GraphQL API.