GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,680
Maven: 5,000+
npm: 4,308
NuGet: 760
pip: 4,080
Pub: 12
RubyGems: 958
Rust: 1,061
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
132,890 advisories
The Hide Category by User Role for WooCommerce plugin for WordPress is vulnerable to Missing...
Moderate | Unreviewed | CVE-2025-13441 was published Nov 27, 2025

The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate | Unreviewed | CVE-2025-13157 was published Nov 27, 2025

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2025-13525 was published Nov 27, 2025

The StaffList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin...
Moderate | Unreviewed | CVE-2025-12185 was published Nov 27, 2025

The Customer Reviews Collector for WooCommerce plugin for WordPress is vulnerable to Reflected...
Moderate | Unreviewed | CVE-2025-12123 was published Nov 27, 2025

Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an...
Moderate | Unreviewed | CVE-2025-3784 was published Nov 27, 2025

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross...
Moderate | Unreviewed | CVE-2025-13143 was published Nov 27, 2025

The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2025-12151 was published Nov 27, 2025

Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on...
Moderate | Unreviewed | CVE-2025-13762 was published Nov 27, 2025

The wp-twitpic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple...
Moderate | Unreviewed | CVE-2025-12670 was published Nov 27, 2025

The Shouty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the shouty...
Moderate | Unreviewed | CVE-2025-12712 was published Nov 27, 2025

The SortTable Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id'...
Moderate | Unreviewed | CVE-2025-12649 was published Nov 27, 2025

The Google Drive upload and download link plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2025-12666 was published Nov 27, 2025

The Soundslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2025-12713 was published Nov 27, 2025

The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-12578 was published Nov 27, 2025

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to...
Moderate | Unreviewed | CVE-2025-12579 was published Nov 27, 2025

The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in...
Moderate | Unreviewed | CVE-2024-5540 was published Nov 27, 2025

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18...
Moderate | Unreviewed | CVE-2025-12653 was published Nov 26, 2025

GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5...
Moderate | Unreviewed | CVE-2025-6195 was published Nov 26, 2025

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18...
Moderate | Unreviewed | CVE-2025-7449 was published Nov 26, 2025

The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the ...
Moderate | Unreviewed | CVE-2021-4472 was published Nov 26, 2025

Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port()...
Moderate | Unreviewed | CVE-2025-63938 was published Nov 26, 2025

Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC...
Moderate | Unreviewed | CVE-2025-65239 was published Nov 26, 2025

The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads...
Moderate | Unreviewed | CVE-2025-9163 was published Nov 26, 2025

The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and...
Moderate | Unreviewed | CVE-2025-9191 was published Nov 26, 2025
ProTip! Advisories are also available from the GraphQL API