GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,750
Maven: 5,000+
npm: 4,353
NuGet: 765
pip: 4,114
Pub: 12
RubyGems: 960
Rust: 1,069
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
145,558 advisories
The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all...
Moderate
Unreviewed
CVE-2025-14170 was published Dec 12, 2025
The Ayo Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2025-14143 was published Dec 12, 2025
The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request...
Moderate
Unreviewed
CVE-2025-14165 was published Dec 12, 2025
The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when...
Moderate
Unreviewed
CVE-2025-10684 was published Dec 12, 2025
Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.7.1,...
Moderate
Unreviewed
CVE-2025-66284 was published Dec 12, 2025
In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and...
Moderate
Unreviewed
CVE-2025-64781 was published Dec 12, 2025
Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7...
Moderate
Unreviewed
CVE-2025-65120 was published Dec 12, 2025
Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0,...
Moderate
Unreviewed
CVE-2025-53523 was published Dec 12, 2025
Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0,...
Moderate
Unreviewed
CVE-2025-54407 was published Dec 12, 2025
Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3...
Moderate
Unreviewed
CVE-2025-57883 was published Dec 12, 2025
Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0,...
Moderate
Unreviewed
CVE-2025-58576 was published Dec 12, 2025
The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up...
Moderate
Unreviewed
CVE-2025-14166 was published Dec 12, 2025
The Hide Email Address plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2025-13884 was published Dec 12, 2025
The Zenost Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2025-13885 was published Dec 12, 2025
The WPGancio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ...
Moderate
Unreviewed
CVE-2025-13904 was published Dec 12, 2025
The WP Flot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ...
Moderate
Unreviewed
CVE-2025-13906 was published Dec 12, 2025
The Simple Nivo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2025-13889 was published Dec 12, 2025
The Bold Timeline Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2025-14032 was published Dec 12, 2025
The Paypal Payment Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate
Unreviewed
CVE-2025-13966 was published Dec 12, 2025
The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate
Unreviewed
CVE-2025-13971 was published Dec 12, 2025
The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2025-13975 was published Dec 12, 2025
The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the ...
Moderate
Unreviewed
CVE-2025-13972 was published Dec 12, 2025
The DebateMaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color...
Moderate
Unreviewed
CVE-2025-14035 was published Dec 12, 2025
The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due...
Moderate
Unreviewed
CVE-2025-14045 was published Dec 12, 2025
The Purchase and Expense Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate
Unreviewed
CVE-2025-13987 was published Dec 12, 2025
ProTip! Advisories are also available from the GraphQL API