Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,926
Erlang
39
GitHub Actions
38
Go
2,576
Maven
5,000+
npm
4,246
NuGet
754
pip
4,008
Pub
12
RubyGems
953
Rust
1,045
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

274,201 advisories

Loading
The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for... Moderate Unreviewed
CVE-2025-6833 was published Oct 22, 2025
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is... High Unreviewed
CVE-2025-11086 was published Oct 22, 2025
Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled... Moderate Unreviewed
CVE-2025-11915 was published Oct 22, 2025
The WP-Force Images Download plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-11809 was published Oct 22, 2025
The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-11866 was published Oct 22, 2025
The Cinza Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-11824 was published Oct 22, 2025
The Oboxmedia Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-11827 was published Oct 22, 2025
The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated... Critical Unreviewed
CVE-2025-41723 was published Oct 22, 2025
The Print Button Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-11810 was published Oct 22, 2025
An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests.... High Unreviewed
CVE-2025-41724 was published Oct 22, 2025
The Mixlr Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-11807 was published Oct 22, 2025
The Material Design Iconic Font Integration plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed
CVE-2025-11872 was published Oct 22, 2025
The communication protocol implemented in Ghost Robotics Vision 60 v0.27.2 could allow an... Critical Unreviewed
CVE-2025-41108 was published Oct 22, 2025
The Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or... Moderate Unreviewed
CVE-2025-12033 was published Oct 22, 2025
Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker... Moderate Unreviewed
CVE-2025-11952 was published Oct 22, 2025
The WP-Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-11819 was published Oct 22, 2025
A low privileged remote attacker can corrupt the webserver users storage on the device by setting... High Unreviewed
CVE-2025-41719 was published Oct 22, 2025
The Responsive iframe GoogleMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-11813 was published Oct 22, 2025
The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for... Moderate Unreviewed
CVE-2025-10047 was published Oct 22, 2025
The Responsive Progress Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-11883 was published Oct 22, 2025
The ST Categories Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-11878 was published Oct 22, 2025
The Simple Tableau Viz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-11817 was published Oct 22, 2025
The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id'... Moderate Unreviewed
CVE-2025-11804 was published Oct 22, 2025
The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-11811 was published Oct 22, 2025
The This-or-That plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... Moderate Unreviewed
CVE-2025-10138 was published Oct 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database