GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,655
Maven: 5,000+
npm: 4,284
NuGet: 760
pip: 4,068
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
277,539 advisories
The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate | Unreviewed | CVE-2025-12827 was published Nov 18, 2025

The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-8605 was published Nov 18, 2025

SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible...
Moderate | Unreviewed | CVE-2025-26391 was published Nov 18, 2025

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL...
Moderate | Unreviewed | CVE-2025-40545 was published Nov 18, 2025

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2025-8609 was published Nov 18, 2025

The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification...
Moderate | Unreviewed | CVE-2025-12937 was published Nov 18, 2025

The CSV to SortTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2025-12823 was published Nov 18, 2025

A missing validation process exists in Serv U when abused, could give a malicious actor with...
Critical | Unreviewed | CVE-2025-40548 was published Nov 18, 2025

Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to...
Moderate | Unreviewed | CVE-2025-7623 was published Nov 18, 2025

The everviz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `everviz`...
Moderate | Unreviewed | CVE-2025-11868 was published Nov 18, 2025

The ArtiBot Free Chat Bot for WebSites plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate | Unreviewed | CVE-2025-12078 was published Nov 18, 2025

The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due...
Moderate | Unreviewed | CVE-2025-12961 was published Nov 18, 2025

The Permalinks Cascade plugin for WordPress is vulnerable to Missing Authorization in all...
Moderate | Unreviewed | CVE-2025-12372 was published Nov 18, 2025

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2025-11267 was published Nov 18, 2025

The Category and Product Woocommerce Tabs plugin for WordPress is vulnerable to Local File...
High | Unreviewed | CVE-2025-13088 was published Nov 18, 2025

Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting...
High | Unreviewed | CVE-2025-10089 was published Nov 18, 2025

There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After...
High | Unreviewed | CVE-2025-8727 was published Nov 18, 2025

The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is vulnerable to SQL...
High | Unreviewed | CVE-2025-12411 was published Nov 18, 2025

The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all...
High | Unreviewed | CVE-2025-12775 was published Nov 18, 2025

The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of...
High | Unreviewed | CVE-2025-11620 was published Nov 18, 2025

The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions...
High | Unreviewed | CVE-2025-12528 was published Nov 18, 2025

Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. An authenticated...
Moderate | Unreviewed | CVE-2025-8404 was published Nov 18, 2025

The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate | Unreviewed | CVE-2025-12406 was published Nov 18, 2025

The Like-it plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
Moderate | Unreviewed | CVE-2025-12404 was published Nov 18, 2025

There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After...
High | Unreviewed | CVE-2025-8076 was published Nov 18, 2025
ProTip! Advisories are also available from the GraphQL API.