GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,730
Composer 5,030
Erlang 39
GitHub Actions 38
Go 2,670
Maven 6,116
npm 4,296
NuGet 760
pip 4,075
Pub 12
RubyGems 957
Rust 1,058
Swift 45

Unreviewed advisories

All unreviewed 277,901

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

132,604 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to fake payment... Moderate Unreviewed

CVE-2025-12752 was published Nov 22, 2025

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is... Moderate Unreviewed

CVE-2025-12877 was published Nov 22, 2025

The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of... Moderate Unreviewed

CVE-2025-13136 was published Nov 22, 2025

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in... Moderate Unreviewed

CVE-2025-13318 was published Nov 22, 2025

The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in... Moderate Unreviewed

CVE-2025-13317 was published Nov 22, 2025

The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed

CVE-2025-11186 was published Nov 22, 2025

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple... Moderate Unreviewed

CVE-2025-11936 was published Nov 22, 2025

With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS ... Moderate Unreviewed

CVE-2025-11935 was published Nov 22, 2025

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly... Moderate Unreviewed

CVE-2025-0504 was published Nov 22, 2025

Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on... Moderate Unreviewed

CVE-2025-13524 was published Nov 21, 2025

IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking... Moderate Unreviewed

CVE-2025-36149 was published Nov 21, 2025

A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest... Moderate Unreviewed

CVE-2025-29934 was published Nov 21, 2025

Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers,... Moderate Unreviewed

CVE-2025-48502 was published Nov 21, 2025

The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to,... Moderate Unreviewed

CVE-2025-12747 was published Nov 21, 2025

Terraform state versions can be created by a user with specific but insufficient permissions in a... Moderate Unreviewed

CVE-2025-13432 was published Nov 21, 2025

Missing Authorization vulnerability in WebToffee Accessibility Toolkit by WebYes accessibility... Moderate Unreviewed

CVE-2025-66112 was published Nov 21, 2025

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting... Moderate Unreviewed

CVE-2025-66082 was published Nov 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-66098 was published Nov 21, 2025

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting... Moderate Unreviewed

CVE-2025-66083 was published Nov 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-66081 was published Nov 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-66091 was published Nov 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-66090 was published Nov 21, 2025

Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting... Moderate Unreviewed

CVE-2025-66087 was published Nov 21, 2025

Missing Authorization vulnerability in Shahjahan Jewel FluentCommunity fluent-community allows... Moderate Unreviewed

CVE-2025-66084 was published Nov 21, 2025

Missing Authorization vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes... Moderate Unreviewed

CVE-2025-66085 was published Nov 21, 2025

Previous1…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

132,604 advisories