Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

305,630 advisories

Loading
The Filter & Grids plugin for WordPress is vulnerable to SQL Injection via the 'phrase' parameter... Moderate Unreviewed
CVE-2025-10289 was published Dec 13, 2025
The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via... Critical Unreviewed
CVE-2025-10738 was published Dec 13, 2025
The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-13092 was published Dec 13, 2025
The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-13705 was published Dec 13, 2025
The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing... Moderate Unreviewed
CVE-2025-12512 was published Dec 13, 2025
The Design Import/Export plugin for WordPress is vulnerable to SQL Injection via XML File Import... Moderate Unreviewed
CVE-2025-14050 was published Dec 13, 2025
The Brizy – Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in... Moderate Unreviewed
CVE-2025-0969 was published Dec 13, 2025
The Export WP Page to Static HTML & PDF plugin for WordPress is vulnerable to Sensitive... Critical Unreviewed
CVE-2025-11693 was published Dec 13, 2025
The افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce plugin for WordPress is... High Unreviewed
CVE-2025-13077 was published Dec 13, 2025
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-11376 was published Dec 13, 2025
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to... Moderate Unreviewed
CVE-2025-11164 was published Dec 13, 2025
OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of... High Unreviewed
CVE-2025-13970 was published Dec 13, 2025
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Unknown Unreviewed
CVE-2025-14066 was published Dec 13, 2025
A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown... Moderate Unreviewed
CVE-2025-14583 was published Dec 13, 2025
A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown... Moderate Unreviewed
CVE-2025-14584 was published Dec 13, 2025
A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an... Moderate Unreviewed
CVE-2025-14582 was published Dec 13, 2025
A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this... Moderate Unreviewed
CVE-2025-14585 was published Dec 13, 2025
Vuetify has a Prototype Pollution vulnerability High
CVE-2025-8083 was published for vuetify (npm) Dec 12, 2025
Vuetify has a Cross-site Scripting (XSS) vulnerability in the VDatePicker component Moderate
CVE-2025-8082 was published for vuetify (npm) Dec 12, 2025
MineAdmin has an insecure default password Critical
CVE-2025-65854 was published for mineadmin/mineadmin (Composer) Dec 12, 2025
Liferay Portal and DXP Instance Admin can execute code using Objects Actions and Validations High
CVE-2025-3586 was published for com.liferay:com.liferay.object.service (Maven) Dec 12, 2025
aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer High
CVE-2025-67721 was published for io.airlift:aircompressor-v3 (Maven) Dec 12, 2025
kyakdan
Credited to kyakdan
Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential) Critical
CVE-2025-66567 was published for ruby-saml (RubyGems) Dec 8, 2025
d0ge
Credited to d0ge
Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation Critical
CVE-2025-66568 was published for ruby-saml (RubyGems) Dec 8, 2025
d0ge
Credited to d0ge
Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule High
CVE-2025-67750 was published for lightning-flow-scanner (npm) Dec 12, 2025
RubenHalman
Credited to RubenHalman
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database