GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
126,626 advisories
The Ultimate Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2025-1703 was published Mar 26, 2025
The Jobs for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions...
Moderate
Unreviewed
CVE-2025-1310 was published Mar 26, 2025
The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of...
Moderate
Unreviewed
CVE-2025-1440 was published Mar 26, 2025
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2024-13702 was published Mar 26, 2025
The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...
Moderate
Unreviewed
CVE-2025-2167 was published Mar 26, 2025
HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers...
Moderate
Unreviewed
CVE-2024-30155 was published Mar 26, 2025
Huawei PCs have a vulnerability that allows low-privilege users to bypass SDDL permission checks ...
Moderate
Unreviewed
CVE-2023-52972 was published Mar 26, 2025
httpd.c in atophttpd 2.8.0 has an off-by-one error and resultant out-of-bounds read because a...
Moderate
Unreviewed
CVE-2025-30742 was published Mar 26, 2025
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2025-1784 was published Mar 26, 2025
The Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer) plugin for...
Moderate
Unreviewed
CVE-2025-2573 was published Mar 26, 2025
The Ayyash Studio — The kick-start kit plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2025-2576 was published Mar 26, 2025
The Smart Maintenance Mode plugin for WordPress is vulnerable to Reflected Cross-Site Scripting...
Moderate
Unreviewed
CVE-2025-1490 was published Mar 26, 2025
The SH Email Alert plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2025-2165 was published Mar 26, 2025
The Ultimate Dashboard – Custom WordPress Dashboard plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2025-2276 was published Mar 26, 2025
The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate
Unreviewed
CVE-2025-2302 was published Mar 26, 2025
IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic...
Moderate
Unreviewed
CVE-2024-31896 was published Mar 25, 2025
NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.
Moderate
Unreviewed
CVE-2024-55029 was published Mar 25, 2025
A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall...
Moderate
Unreviewed
CVE-2025-2312 was published Mar 25, 2025
A vulnerability exists in the RTU500 web server component that can cause a denial of service to...
Moderate
Unreviewed
CVE-2024-10037 was published Mar 25, 2025
The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an...
Moderate
Unreviewed
CVE-2025-27631 was published Mar 25, 2025
accountsservice no longer drops permissions when writing .pam_environment
Moderate
Unreviewed
CVE-2022-1804 was published Mar 25, 2025
The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The...
Moderate
Unreviewed
CVE-2025-27633 was published Mar 25, 2025
In JetBrains GoLand before 2025.1 an XXE during debugging was possible
Moderate
Unreviewed
CVE-2025-29932 was published Mar 25, 2025
A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an...
Moderate
Unreviewed
CVE-2024-11499 was published Mar 25, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-26742 was published Mar 25, 2025
ProTip! Advisories are also available from the GraphQL API