Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,758
Maven
5,000+
npm
4,364
NuGet
766
pip
4,132
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

281,253 advisories

Loading
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-68065 was published Dec 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-68076 was published Dec 16, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-68067 was published Dec 16, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-68068 was published Dec 16, 2025
Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate... Moderate Unreviewed
CVE-2025-68071 was published Dec 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-68078 was published Dec 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-68070 was published Dec 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-68079 was published Dec 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-68077 was published Dec 16, 2025
Missing Authorization vulnerability in SiteGround SiteGround Security sg-security allows... Unknown Unreviewed
CVE-2025-66121 was published Dec 16, 2025
Insertion of Sensitive Information Into Sent Data vulnerability in wowpress.host Fix Media... Unknown Unreviewed
CVE-2025-66126 was published Dec 16, 2025
Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy... Moderate Unreviewed
CVE-2025-66133 was published Dec 16, 2025
Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce... Moderate Unreviewed
CVE-2025-67929 was published Dec 16, 2025
Missing Authorization vulnerability in Syed Balkhi Feeds for YouTube feeds-for-youtube allows... Moderate Unreviewed
CVE-2025-64635 was published Dec 16, 2025
Authorization Bypass Through User-Controlled Key vulnerability in FAPI Business s.r.o. FAPI... Moderate Unreviewed
CVE-2025-66132 was published Dec 16, 2025
Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly... Moderate Unreviewed
CVE-2025-67976 was published Dec 16, 2025
Missing Authorization vulnerability in g5theme Essential Real Estate essential-real-estate allows... Moderate Unreviewed
CVE-2025-66127 was published Dec 16, 2025
Missing Authorization vulnerability in CatFolders CatFolders catfolders allows Exploiting... Moderate Unreviewed
CVE-2025-66120 was published Dec 16, 2025
Missing Authorization vulnerability in etruel WP Views Counter wpecounter allows Exploiting... Moderate Unreviewed
CVE-2025-66130 was published Dec 16, 2025
Insertion of Sensitive Information Into Sent Data vulnerability in Nitesh Ultimate Auction ... Moderate Unreviewed
CVE-2025-66125 was published Dec 16, 2025
Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly... Moderate Unreviewed
CVE-2025-66129 was published Dec 16, 2025
Missing Authorization vulnerability in yaadsarig Yaad Sarig Payment Gateway For WC yaad-sarig... Critical Unreviewed
CVE-2025-66131 was published Dec 16, 2025
Missing Authorization vulnerability in merkulove Coder for Elementor coder-elementor allows... Moderate Unreviewed
CVE-2025-66147 was published Dec 16, 2025
Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp... Moderate Unreviewed
CVE-2025-64639 was published Dec 16, 2025
Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce... Moderate Unreviewed
CVE-2025-64638 was published Dec 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database