Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

301,774 advisories

Loading
The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed
CVE-2025-9623 was published Sep 11, 2025
The Certifica WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-8316 was published Sep 11, 2025
The WP Scriptcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url'... Moderate Unreviewed
CVE-2025-8691 was published Sep 11, 2025
The Workable Api plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... Moderate Unreviewed
CVE-2025-8721 was published Sep 11, 2025
The Mitfahrgelegenheit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-8392 was published Sep 11, 2025
The WP Easy FAQs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... Moderate Unreviewed
CVE-2025-8686 was published Sep 11, 2025
The eID Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’... Moderate Unreviewed
CVE-2025-9128 was published Sep 11, 2025
The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2025-8689 was published Sep 11, 2025
The azurecurve BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2025-8398 was published Sep 11, 2025
The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2025-9627 was published Sep 11, 2025
The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection... Moderate Unreviewed
CVE-2025-9451 was published Sep 11, 2025
The Digital Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-5801 was published Sep 11, 2025
The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that... High Unreviewed
CVE-2025-8425 was published Sep 11, 2025
The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification... Moderate Unreviewed
CVE-2025-0763 was published Sep 11, 2025
The Zoho Flow plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,... Moderate Unreviewed
CVE-2025-8479 was published Sep 11, 2025
jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin Moderate
CVE-2025-9910 was published for jsondiffpatch (npm) Sep 11, 2025
cai0duque
Credited to cai0duque
A security vulnerability has been detected in JEPaaS 7.2.8. This vulnerability affects the... Moderate Unreviewed
CVE-2025-10247 was published Sep 11, 2025
The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges... High Unreviewed
CVE-2025-9059 was published Sep 11, 2025
The Wp Edit Password Protected WordPress plugin before 1.3.5 does not validate a parameter... Moderate Unreviewed
CVE-2025-9034 was published Sep 11, 2025
A weakness has been identified in lokibhardwaj PHP-Code-For-Unlimited-File-Upload up to... Moderate Unreviewed
CVE-2025-10246 was published Sep 11, 2025
The CatFolders – Tame Your WordPress Media Library by Category plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-9776 was published Sep 11, 2025
A security flaw has been discovered in Display Painéis TGA up to 7.1.41. Affected by this issue... Moderate Unreviewed
CVE-2025-10245 was published Sep 11, 2025
A flaw has been found in Scada-LTS up to 2.7.8.1. This issue affects some unknown processing of... Moderate Unreviewed
CVE-2025-10235 was published Sep 11, 2025
In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation... Moderate Unreviewed
CVE-2025-6088 was published Sep 11, 2025
A vulnerability has been found in binary-husky gpt_academic up to 3.91. Impacted is the function... Moderate Unreviewed
CVE-2025-10236 was published Sep 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database