GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,717
Maven: 5,000+
npm: 4,328
NuGet: 761
pip: 4,105
Pub: 12
RubyGems: 958
Rust: 1,065
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
278,946 advisories
The Cool Tag Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
High | Unreviewed | CVE-2025-13614 was published Dec 5, 2025

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to missing...
Moderate | Unreviewed | CVE-2025-13620 was published Dec 5, 2025

The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2025-13678 was published Dec 5, 2025

The Trail Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin...
Moderate | Unreviewed | CVE-2025-13682 was published Dec 5, 2025

The My auctions allegro plugin for WordPress is vulnerable to Local File Inclusion in all...
High | Unreviewed | CVE-2025-12851 was published Dec 5, 2025

The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery...
High | Unreviewed | CVE-2025-12879 was published Dec 5, 2025

The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized...
Moderate | Unreviewed | CVE-2025-12876 was published Dec 5, 2025

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version...
Moderate | Unreviewed | CVE-2025-13684 was published Dec 5, 2025

The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a...
Moderate | Unreviewed | CVE-2025-12093 was published Dec 5, 2025

The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for...
Moderate | Unreviewed | CVE-2025-12130 was published Dec 5, 2025

The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin...
Moderate | Unreviewed | CVE-2025-12186 was published Dec 5, 2025

The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a...
Moderate | Unreviewed | CVE-2025-12355 was published Dec 5, 2025

The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login ...
Critical | Unreviewed | CVE-2025-12374 was published Dec 5, 2025

The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress...
Moderate | Unreviewed | CVE-2025-12373 was published Dec 5, 2025

The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due...
Moderate | Unreviewed | CVE-2025-12354 was published Dec 5, 2025

The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the ‘auction_id’...
High | Unreviewed | CVE-2025-12850 was published Dec 5, 2025

The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via...
Moderate | Unreviewed | CVE-2025-13515 was published Dec 5, 2025

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets....
Moderate | Unreviewed | CVE-2025-66270 was published Dec 5, 2025

The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2025-13623 was published Dec 5, 2025

The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-13621 was published Dec 5, 2025

The Jabbernotification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via...
Moderate | Unreviewed | CVE-2025-13622 was published Dec 5, 2025

The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate | Unreviewed | CVE-2025-13625 was published Dec 5, 2025

The Easy Jump Links Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate | Unreviewed | CVE-2025-13860 was published Dec 5, 2025

In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to...
Moderate | Unreviewed | CVE-2025-32900 was published Dec 5, 2025

In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from...
Moderate | Unreviewed | CVE-2016-20023 was published Dec 5, 2025
ProTip! Advisories are also available from the GraphQL API