GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,752
Maven: 5,000+
npm: 4,357
NuGet: 765
pip: 4,121
Pub: 12
RubyGems: 961
Rust: 1,069
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
145,647 advisories
The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request...
Moderate, Unreviewed. CVE-2025-14354 was published Dec 12, 2025

The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate, Unreviewed. CVE-2025-14391 was published Dec 12, 2025

The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all...
Moderate, Unreviewed. CVE-2025-14467 was published Dec 12, 2025

The Wpik WordPress Basic Ajax Form plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate, Unreviewed. CVE-2025-14393 was published Dec 12, 2025

The Simple Theme Changer plugin for WordPress is vulnerable to unauthorized modification of data...
Moderate, Unreviewed. CVE-2025-14392 was published Dec 12, 2025

The Coding Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate, Unreviewed. CVE-2025-14158 was published Dec 12, 2025

The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all...
Moderate, Unreviewed. CVE-2025-14170 was published Dec 12, 2025

The Ayo Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2025-14143 was published Dec 12, 2025

The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request...
Moderate, Unreviewed. CVE-2025-14165 was published Dec 12, 2025

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when...
Moderate, Unreviewed. CVE-2025-10684 was published Dec 12, 2025

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7...
Moderate, Unreviewed. CVE-2025-65120 was published Dec 12, 2025

Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0,...
Moderate, Unreviewed. CVE-2025-54407 was published Dec 12, 2025

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3...
Moderate, Unreviewed. CVE-2025-57883 was published Dec 12, 2025

Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0,...
Moderate, Unreviewed. CVE-2025-58576 was published Dec 12, 2025

The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up...
Moderate, Unreviewed. CVE-2025-14166 was published Dec 12, 2025

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0,...
Moderate, Unreviewed. CVE-2025-53523 was published Dec 12, 2025

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.7.1,...
Moderate, Unreviewed. CVE-2025-66284 was published Dec 12, 2025

In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and...
Moderate, Unreviewed. CVE-2025-64781 was published Dec 12, 2025

The Hide Email Address plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2025-13884 was published Dec 12, 2025

The Zenost Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2025-13885 was published Dec 12, 2025

The WPGancio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ...
Moderate, Unreviewed. CVE-2025-13904 was published Dec 12, 2025

The WP Flot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ...
Moderate, Unreviewed. CVE-2025-13906 was published Dec 12, 2025

The Simple Nivo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2025-13889 was published Dec 12, 2025

The Bold Timeline Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2025-14032 was published Dec 12, 2025

The Paypal Payment Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate, Unreviewed. CVE-2025-13966 was published Dec 12, 2025

ProTip! Advisories are also available from the GraphQL API.