GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,743
Erlang: 35
GitHub Actions: 29
Go: 2,318
Maven: 5,000+
npm: 3,950
NuGet: 711
pip: 3,729
Pub: 12
RubyGems: 920
Rust: 965
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
280,388 advisories

The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in...
Moderate, Unreviewed. CVE-2025-1973 was published Mar 22, 2025

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin...
Moderate, Unreviewed. CVE-2024-13666 was published Mar 22, 2025

The Gotcha | Gesture-based Captcha plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate, Unreviewed. CVE-2025-2482 was published Mar 22, 2025

The Multi Video Box plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2025-2484 was published Mar 22, 2025

The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress...
Moderate, Unreviewed. CVE-2024-13768 was published Mar 22, 2025

The Your Friendly Drag and Drop Page Builder — Make Builder plugin for WordPress is vulnerable to...
Moderate, Unreviewed. CVE-2024-13856 was published Mar 22, 2025

The Block Logic – Full Gutenberg Block Display Control plugin for WordPress is vulnerable to...
High, Unreviewed. CVE-2025-2303 was published Mar 22, 2025

The CryoKey plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ckemail...
Moderate, Unreviewed. CVE-2025-2477 was published Mar 22, 2025

The Easy Custom Admin Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting...
Moderate, Unreviewed. CVE-2025-2479 was published Mar 22, 2025

The Code Clone plugin for WordPress is vulnerable to time-based SQL Injection via the ‘snippetId’...
Moderate, Unreviewed. CVE-2025-2478 was published Mar 22, 2025

The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress...
Moderate, Unreviewed. CVE-2025-0807 was published Mar 22, 2025

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to SQL...
Moderate, Unreviewed. CVE-2025-1311 was published Mar 22, 2025

The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the "to"...
Moderate, Unreviewed. CVE-2024-13739 was published Mar 22, 2025

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to...
Moderate, Unreviewed. CVE-2025-0723 was published Mar 22, 2025

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to...
Moderate, Unreviewed. CVE-2025-1408 was published Mar 22, 2025

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to PHP...
High, Unreviewed. CVE-2025-0724 was published Mar 22, 2025

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a...
Critical, Unreviewed. CVE-2025-30472 was published Mar 22, 2025

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized...
Moderate, Unreviewed. CVE-2024-13737 was published Mar 22, 2025

Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks...
Moderate, Unreviewed. CVE-2025-26500 was published Mar 22, 2025

Improper neutralization of input during web page generation vulnerability in MagnusSolution...
High, Unreviewed. CVE-2025-2609 was published Mar 22, 2025

Improper neutralization of input during web page generation vulnerability in MagnusSolution...
High, Unreviewed. CVE-2025-2610 was published Mar 22, 2025

A vulnerability classified as critical has been found in PHPGurukul Banquet Booking System 1.2....
Moderate, Unreviewed. CVE-2025-2608 was published Mar 22, 2025

Reflected XSS in go-httpbin due to unrestricted client control over Content-Type
Low. GHSA-528q-4pgm-wvg2 was published for github.com/mccutchen/go-httpbin (Go) Mar 21, 2025

jwt-go allows excessive memory allocation during header parsing
High. CVE-2025-30204 was published for github.com/golang-jwt/jwt (Go) Mar 21, 2025

Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability in...
High, Unreviewed. CVE-2025-25035 was published Mar 21, 2025

ProTip! Advisories are also available from the GraphQL API.