GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 25,028
Composer 5,080
Erlang 39
GitHub Actions 38
Go 2,750
Maven 6,169
npm 4,353
NuGet 765
pip 4,114
Pub 12
RubyGems 960
Rust 1,069
Swift 45

Unreviewed advisories

All unreviewed 280,619

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

145,527 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of... Moderate Unreviewed

CVE-2025-14356 was published Dec 12, 2025

The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2025-11876 was published Dec 12, 2025

The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to,... Moderate Unreviewed

CVE-2025-13660 was published Dec 12, 2025

The Simple CSV Table plugin for WordPress is vulnerable to Directory Traversal in all versions up... Moderate Unreviewed

CVE-2025-12960 was published Dec 12, 2025

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write... Moderate Unreviewed

CVE-2025-12655 was published Dec 12, 2025

The VikRentItems Flexible Rental Management System plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2025-14049 was published Dec 12, 2025

The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to Path... Moderate Unreviewed

CVE-2025-13891 was published Dec 12, 2025

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.7.1,... Moderate Unreviewed

CVE-2025-66284 was published Dec 12, 2025

In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and... Moderate Unreviewed

CVE-2025-64781 was published Dec 12, 2025

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7... Moderate Unreviewed

CVE-2025-65120 was published Dec 12, 2025

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0,... Moderate Unreviewed

CVE-2025-53523 was published Dec 12, 2025

Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0,... Moderate Unreviewed

CVE-2025-54407 was published Dec 12, 2025

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3... Moderate Unreviewed

CVE-2025-57883 was published Dec 12, 2025

Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0,... Moderate Unreviewed

CVE-2025-58576 was published Dec 12, 2025

In GroupSession, a Circular notice can be created with its memo field non-editable, but the... Moderate Unreviewed

CVE-2025-61950 was published Dec 12, 2025

GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and... Moderate Unreviewed

CVE-2025-61987 was published Dec 12, 2025

SQL Injection vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession... Moderate Unreviewed

CVE-2025-62192 was published Dec 12, 2025

The Truefy Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed

CVE-2025-14161 was published Dec 12, 2025

The Upcoming for Calendly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2025-14160 was published Dec 12, 2025

The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2025-14162 was published Dec 12, 2025

The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed

CVE-2025-14354 was published Dec 12, 2025

The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed

CVE-2025-14391 was published Dec 12, 2025

The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all... Moderate Unreviewed

CVE-2025-14467 was published Dec 12, 2025

The Wpik WordPress Basic Ajax Form plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2025-14393 was published Dec 12, 2025

The Simple Theme Changer plugin for WordPress is vulnerable to unauthorized modification of data... Moderate Unreviewed

CVE-2025-14392 was published Dec 12, 2025

Previous 1…6…400 Next

Previous 1 2 3 4 5 6 7 8 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

145,527 advisories