GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,701
Maven: 5,000+
npm: 4,328
NuGet: 761
pip: 4,103
Pub: 12
RubyGems: 958
Rust: 1,064
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
144,453 advisories
The Quantic Social Image Hover plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate, Unreviewed. CVE-2025-13360 was published Dec 5, 2025

The Jabbernotification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via...
Moderate, Unreviewed. CVE-2025-13622 was published Dec 5, 2025

The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate, Unreviewed. CVE-2025-13621 was published Dec 5, 2025

The Easy Jump Links Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate, Unreviewed. CVE-2025-13860 was published Dec 5, 2025

The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and...
Moderate, Unreviewed. CVE-2025-12370 was published Dec 5, 2025

The Feedback Modal for Website plugin for WordPress is vulnerable to unauthorized access of data...
Moderate, Unreviewed. CVE-2025-13528 was published Dec 5, 2025

The Sermon Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2025-12368 was published Dec 5, 2025

The PDF Catalog for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate, Unreviewed. CVE-2025-12191 was published Dec 5, 2025

The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the...
Moderate, Unreviewed. CVE-2025-13623 was published Dec 5, 2025

The SurveyFunnel – Survey Plugin for WordPress plugin for WordPress is vulnerable to Sensitive...
Moderate, Unreviewed. CVE-2025-13006 was published Dec 5, 2025

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets....
Moderate, Unreviewed. CVE-2025-66270 was published Dec 5, 2025

The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate, Unreviewed. CVE-2025-12190 was published Dec 5, 2025

The CoSign Single Signon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via...
Moderate, Unreviewed. CVE-2025-13512 was published Dec 5, 2025

The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File...
Moderate, Unreviewed. CVE-2025-12163 was published Dec 5, 2025

The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate, Unreviewed. CVE-2025-13625 was published Dec 5, 2025

The FitVids for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate, Unreviewed. CVE-2025-12124 was published Dec 5, 2025

In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to...
Moderate, Unreviewed. CVE-2025-32900 was published Dec 5, 2025

The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate, Unreviewed. CVE-2025-10055 was published Dec 5, 2025

The SurveyFunnel – Survey Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross...
Moderate, Unreviewed. CVE-2025-12417 was published Dec 5, 2025

The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai...
Moderate, Unreviewed. CVE-2025-12189 was published Dec 5, 2025

The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate, Unreviewed. CVE-2025-13144 was published Dec 5, 2025

A flaw exists in the verification of application installation sources within ColorOS. Under...
Moderate, Unreviewed. CVE-2025-27389 was published Dec 5, 2025

The Norby AI plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
Moderate, Unreviewed. CVE-2025-13362 was published Dec 5, 2025

The CRM Memberships plugin for WordPress is vulnerable to unauthorized membership tag creation...
Moderate, Unreviewed. CVE-2025-13312 was published Dec 5, 2025

The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Moderate, Unreviewed. CVE-2025-13494 was published Dec 5, 2025

ProTip! Advisories are also available from the GraphQL API.