Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

278,936 advisories

Loading
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin... Moderate Unreviewed
CVE-2025-13748 was published Dec 6, 2025
The Rich Shortcodes for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site... High Unreviewed
CVE-2025-12499 was published Dec 6, 2025
The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress... Critical Unreviewed
CVE-2025-13377 was published Dec 6, 2025
The Social Feed Gallery Portfolio plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-13896 was published Dec 6, 2025
The CSS3 Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... Moderate Unreviewed
CVE-2025-13907 was published Dec 6, 2025
The Ultra Skype Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-13898 was published Dec 6, 2025
The RevInsite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `token`... Moderate Unreviewed
CVE-2025-13863 was published Dec 6, 2025
A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The... Moderate Unreviewed
CVE-2025-14117 was published Dec 6, 2025
The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode... Moderate Unreviewed
CVE-2025-13899 was published Dec 6, 2025
The CSV Sumotto plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `... Moderate Unreviewed
CVE-2025-13894 was published Dec 6, 2025
The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-12574 was published Dec 6, 2025
The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-12091 was published Dec 6, 2025
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is... Moderate Unreviewed
CVE-2025-13922 was published Dec 6, 2025
A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to... High Unreviewed
CVE-2025-13292 was published Dec 6, 2025
The Application Passwords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting... Moderate Unreviewed
CVE-2025-13308 was published Dec 6, 2025
The Accessiy By CodeConfig Accessibility plugin for WordPress is vulnerable to unauthorized page... Moderate Unreviewed
CVE-2025-13358 was published Dec 6, 2025
The myLCO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER[... Moderate Unreviewed
CVE-2025-13626 was published Dec 6, 2025
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2025-12673 was published Dec 6, 2025
The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-12577 was published Dec 6, 2025
The Canadian Nutrition Facts Label plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-12715 was published Dec 6, 2025
The Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly... Moderate Unreviewed
CVE-2025-13309 was published Dec 6, 2025
The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to... Moderate Unreviewed
CVE-2025-12720 was published Dec 6, 2025
The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-13656 was published Dec 6, 2025
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-12717 was published Dec 6, 2025
The WP Landing Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-13629 was published Dec 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database