Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

280,602 advisories

Loading
Rejected reason: Not used Unknown Unreviewed
CVE-2025-67869 was published Dec 13, 2025
Rejected reason: Not used Unknown Unreviewed
CVE-2025-67866 was published Dec 13, 2025
A vulnerability was identified in code-projects Student File Management System 1.0. This affects... Moderate Unreviewed
CVE-2025-14621 was published Dec 13, 2025
Rejected reason: Not used Unknown Unreviewed
CVE-2025-67871 was published Dec 13, 2025
A security flaw has been discovered in code-projects Student File Management System 1.0. This... Moderate Unreviewed
CVE-2025-14622 was published Dec 13, 2025
A weakness has been identified in code-projects Student File Management System 1.0. This issue... Moderate Unreviewed
CVE-2025-14623 was published Dec 13, 2025
The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-8780 was published Dec 13, 2025
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored... Moderate Unreviewed
CVE-2025-8779 was published Dec 13, 2025
The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-7960 was published Dec 13, 2025
The WPS Visitor Counter Plugin WordPress plugin through 1.4.8 does not escape the $_SERVER[... Moderate Unreviewed
CVE-2025-9116 was published Dec 13, 2025
The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions... Moderate Unreviewed
CVE-2025-9207 was published Dec 13, 2025
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to... Low Unreviewed
CVE-2025-9218 was published Dec 13, 2025
The YITH WooCommerce Quick View plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-8617 was published Dec 13, 2025
The Enter Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... Moderate Unreviewed
CVE-2025-8687 was published Dec 13, 2025
The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-9488 was published Dec 13, 2025
The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all... Moderate Unreviewed
CVE-2025-9873 was published Dec 13, 2025
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for... Moderate Unreviewed
CVE-2025-9856 was published Dec 13, 2025
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-8195 was published Dec 13, 2025
The MarqueeAddons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2025-8199 was published Dec 13, 2025
Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X.... Critical Unreviewed
CVE-2025-36751 was published Dec 13, 2025
Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented... Critical Unreviewed
CVE-2025-36752 was published Dec 13, 2025
ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the local configuration... High Unreviewed
CVE-2025-36748 was published Dec 13, 2025
ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the Plant Name field. A... High Unreviewed
CVE-2025-36750 was published Dec 13, 2025
The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default,... High Unreviewed
CVE-2025-36753 was published Dec 13, 2025
The authentication mechanism on web interface is not properly implemented. It is possible to... Critical Unreviewed
CVE-2025-36754 was published Dec 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database