GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,787
Composer 4,866
Erlang 36
GitHub Actions 36
Go 2,491
Maven 5,913
npm 4,110
NuGet 735
pip 3,933
Pub 12
RubyGems 945
Rust 1,018
Swift 39

Unreviewed advisories

All unreviewed 268,842

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

137,023 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The MyBrain Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed

CVE-2025-10126 was published Sep 10, 2025

The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior... Moderate Unreviewed

CVE-2025-9979 was published Sep 10, 2025

The PagBank / PagSeguro Connect para WooCommerce plugin for WordPress is vulnerable to SQL... Moderate Unreviewed

CVE-2025-10142 was published Sep 10, 2025

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a... Moderate Unreviewed

CVE-2025-8778 was published Sep 10, 2025

The Auto Save Remote Images (Drafts) plugin for WordPress is vulnerable to Server-Side Request... Moderate Unreviewed

CVE-2025-7843 was published Sep 10, 2025

The Testimonial plugin for WordPress is vulnerable to SQL Injection via the 'iNICtestimonial'... Moderate Unreviewed

CVE-2025-7826 was published Sep 10, 2025

The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net... Moderate Unreviewed

CVE-2025-9463 was published Sep 10, 2025

The Heateor Login – Social Login Plugin plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2025-9857 was published Sep 10, 2025

The Duplicate Page and Post plugin for WordPress is vulnerable to time-based SQL Injection via... Moderate Unreviewed

CVE-2025-6189 was published Sep 10, 2025

The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2025-9367 was published Sep 10, 2025

The Maspik – Ultimate Spam Protection plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed

CVE-2025-9888 was published Sep 10, 2025

It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the... Moderate Unreviewed

CVE-2025-36758 was published Sep 10, 2025

A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX... Moderate Unreviewed

CVE-2025-36756 was published Sep 10, 2025

The WP Blast | SEO & Performance Booster plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed

CVE-2025-9622 was published Sep 10, 2025

It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use... Moderate Unreviewed

CVE-2025-36757 was published Sep 10, 2025

The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is... Moderate Unreviewed

CVE-2025-8388 was published Sep 10, 2025

A vulnerability was found in HJSoft HCM Human Resources Management System up to 20250822.... Moderate Unreviewed

CVE-2025-10197 was published Sep 10, 2025

A vulnerability has been found in Seismic App 2.4.2 on Android. Affected is an unknown function... Moderate Unreviewed

CVE-2025-10195 was published Sep 10, 2025

Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an... Moderate Unreviewed

CVE-2025-58135 was published Sep 10, 2025

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'... Moderate Unreviewed

CVE-2025-9997 was published Sep 10, 2025

Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon... Moderate Unreviewed

CVE-2025-58131 was published Sep 10, 2025

Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated... Moderate Unreviewed

CVE-2025-58134 was published Sep 10, 2025

Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to... Moderate Unreviewed

CVE-2025-49461 was published Sep 10, 2025

Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a... Moderate Unreviewed

CVE-2025-49458 was published Sep 10, 2025

Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated... Moderate Unreviewed

CVE-2025-49460 was published Sep 10, 2025

Previous1…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

137,023 advisories