GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
287,862 advisories
The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is...
Moderate | Unreviewed | CVE-2025-6626 was published Aug 2, 2025

The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable...
Moderate | Unreviewed | CVE-2025-8152 was published Aug 2, 2025

The Medical Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2025-8212 was published Aug 2, 2025

The Mmm Unity Loader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2025-8399 was published Aug 2, 2025

The Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all...
Moderate | Unreviewed | CVE-2025-8400 was published Aug 2, 2025

The Magic Edge – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2025-8391 was published Aug 2, 2025

The Custom Word Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2025-8317 was published Aug 2, 2025

A vulnerability was found in code-projects Online Farm System 1.0. It has been classified as...
Moderate | Unreviewed | CVE-2025-8466 was published Aug 2, 2025

The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to...
Moderate | Unreviewed | CVE-2025-7694 was published Aug 2, 2025

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate | Unreviewed | CVE-2025-8146 was published Aug 2, 2025

Partner Software's Partner Software Product and corresponding Partner Web application use the...
Unknown | Unreviewed | CVE-2025-6077 was published Aug 2, 2025

Partner Software's Partner Software application and Partner Web application do not sanitize files...
Unknown | Unreviewed | CVE-2025-6076 was published Aug 2, 2025

Partner Software's Partner Software application and Partner Web application allows an...
Unknown | Unreviewed | CVE-2025-6078 was published Aug 2, 2025

BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local...
High | Unreviewed | CVE-2025-0217 was published May 5, 2025

Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on...
High | Unreviewed | CVE-2025-4613 was published Jun 12, 2025

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615/4.0.0-B20230531...
High | Unreviewed | CVE-2025-6337 was published Jun 20, 2025

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected...
Low | Unreviewed | CVE-2024-13978 was published Aug 2, 2025

Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the...
Critical | Unreviewed | CVE-2025-50870 was published Aug 1, 2025

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the...
High | Unreviewed | CVE-2013-10061 was published Aug 1, 2025

An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev...
High | Unreviewed | CVE-2013-10050 was published Aug 1, 2025

An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low...
High | Unreviewed | CVE-2013-10044 was published Aug 1, 2025

A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500...
Moderate | Unreviewed | CVE-2013-10062 was published Aug 1, 2025

An authenticated OS command injection vulnerability exists in various Linksys router models ...
High | Unreviewed | CVE-2013-10058 was published Aug 1, 2025

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the...
Critical | Unreviewed | CVE-2013-10060 was published Aug 1, 2025

An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows...
Critical | Unreviewed | CVE-2013-10047 was published Aug 1, 2025
ProTip! Advisories are also available from the GraphQL API.