Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,121
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

268,970 advisories

Loading
The Time Tracker plugin for WordPress is vulnerable to unauthorized modification and loss of data... High Unreviewed
CVE-2025-9018 was published Sep 11, 2025
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an... Critical Unreviewed
CVE-2025-40689 was published Sep 11, 2025
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an... Critical Unreviewed
CVE-2025-40691 was published Sep 11, 2025
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an... Critical Unreviewed
CVE-2025-40687 was published Sep 11, 2025
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an... Critical Unreviewed
CVE-2025-40690 was published Sep 11, 2025
A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected... Low Unreviewed
CVE-2025-10250 was published Sep 11, 2025
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an... Critical Unreviewed
CVE-2025-40692 was published Sep 11, 2025
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in... Moderate Unreviewed
CVE-2025-40696 was published Sep 11, 2025
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in... Moderate Unreviewed
CVE-2025-40694 was published Sep 11, 2025
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in... Moderate Unreviewed
CVE-2025-40695 was published Sep 11, 2025
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in... Moderate Unreviewed
CVE-2025-40693 was published Sep 11, 2025
The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in... High Unreviewed
CVE-2025-9874 was published Sep 11, 2025
Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability. Critical Unreviewed
CVE-2025-58321 was published Sep 11, 2025
The Enhanced BibliPlug plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2025-9855 was published Sep 11, 2025
A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server ... High Unreviewed
CVE-2025-9918 was published Sep 11, 2025
The User Meta – User Profile Builder and User management plugin plugin for WordPress is... High Unreviewed
CVE-2025-9693 was published Sep 11, 2025
The PhpList Subber plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-9632 was published Sep 11, 2025
The Evenium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ... Moderate Unreviewed
CVE-2025-9850 was published Sep 11, 2025
Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability. High Unreviewed
CVE-2025-58320 was published Sep 11, 2025
The Plugin updates blocker plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2025-9634 was published Sep 11, 2025
The LH Signing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2025-9633 was published Sep 11, 2025
The ThemeLoom Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2025-9861 was published Sep 11, 2025
The Analytics Reduce Bounce Rate plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed
CVE-2025-9635 was published Sep 11, 2025
The Mixtape plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ... Moderate Unreviewed
CVE-2025-9860 was published Sep 11, 2025
The Jobify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘keyword’... Moderate Unreviewed
CVE-2025-8318 was published Sep 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database