GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,752
Maven: 5,000+
npm: 4,357
NuGet: 765
pip: 4,121
Pub: 12
RubyGems: 961
Rust: 1,069
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
145,634 advisories
A security vulnerability has been detected in haxxorsid Stock-Management-System up to...
Moderate, Unreviewed. CVE-2025-14568 was published Dec 12, 2025
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.1....
Moderate, Unreviewed. CVE-2025-43406 was published Dec 12, 2025
Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core...
Moderate, Unreviewed. CVE-2025-64011 was published Dec 12, 2025
RuoYi versions 4.8.1 and earlier are affected by a stored XSS vulnerability in the /system/menu...
Moderate, Unreviewed. CVE-2025-67342 was published Dec 12, 2025
Code Injection using Electron Fuses in waveterm on MacOS allows TCC Bypass. This issue affects...
Moderate, Unreviewed. CVE-2025-12843 was published Dec 12, 2025
A security flaw has been discovered in kidaze CourseSelectionSystem up to...
Moderate, Unreviewed. CVE-2025-14566 was published Dec 12, 2025
A weakness has been identified in haxxorsid Stock-Management-System up to...
Moderate, Unreviewed. CVE-2025-14567 was published Dec 12, 2025
A vulnerability was identified in kidaze CourseSelectionSystem up to...
Moderate, Unreviewed. CVE-2025-14565 was published Dec 12, 2025
jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the ...
Moderate, Unreviewed. CVE-2025-67344 was published Dec 12, 2025
jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability...
Moderate, Unreviewed. CVE-2025-67341 was published Dec 12, 2025
Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components
Moderate. GHSA-c6m7-q6pr-c64r was published for @vitejs/plugin-rsc (npm) Dec 12, 2025
SolarEdge monitoring platform contains a Cross‑Site Scripting (XSS) flaw that allows an...
Moderate, Unreviewed. CVE-2025-36746 was published Dec 12, 2025
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to...
Moderate, Unreviewed. CVE-2025-14159 was published Dec 12, 2025
The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate, Unreviewed. CVE-2025-12965 was published Dec 12, 2025
The AI Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2025-14030 was published Dec 12, 2025
The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate, Unreviewed. CVE-2025-13993 was published Dec 12, 2025
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to...
Moderate, Unreviewed. CVE-2025-14074 was published Dec 12, 2025
The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for...
Moderate, Unreviewed. CVE-2025-12348 was published Dec 12, 2025
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to...
Moderate, Unreviewed. CVE-2025-12407 was published Dec 12, 2025
The Simple Bike Rental plugin for WordPress is vulnerable to unauthorized access of data due to a...
Moderate, Unreviewed. CVE-2025-14065 was published Dec 12, 2025
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to...
Moderate, Unreviewed. CVE-2025-12408 was published Dec 12, 2025
The Bookit WordPress plugin before 2.5.1 has a publicly accessible REST endpoint that allows...
Moderate, Unreviewed. CVE-2025-12841 was published Dec 12, 2025
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to...
Moderate, Unreviewed. CVE-2025-14442 was published Dec 12, 2025
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of...
Moderate, Unreviewed. CVE-2025-14356 was published Dec 12, 2025
The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate, Unreviewed. CVE-2025-11876 was published Dec 12, 2025
ProTip! Advisories are also available from the GraphQL API