GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,436
Maven: 5,000+
npm: 5,000+
NuGet: 883
pip: 4,694
Pub: 13
RubyGems: 1,029
Rust: 1,212
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
25,592 advisories
The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions...
Critical | Unreviewed | CVE-2026-1830 was published Apr 9, 2026

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1...
Critical | Unreviewed | CVE-2026-3199 was published Apr 9, 2026

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that...
Critical | Unreviewed | CVE-2026-40035 was published Apr 9, 2026

The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
Critical | Unreviewed | CVE-2026-1306 was published Feb 14, 2026

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated...
Critical | Unreviewed | CVE-2026-1340 was published Jan 30, 2026

The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions...
Critical | Unreviewed | CVE-2026-0926 was published Feb 19, 2026

The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all...
Critical | Unreviewed | CVE-2025-4334 was published Jun 26, 2025

The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to...
Critical | Unreviewed | CVE-2025-2004 was published Apr 8, 2025

The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover...
Critical | Unreviewed | CVE-2025-3603 was published Apr 24, 2025

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all...
Critical | Unreviewed | CVE-2024-11635 was published Jan 8, 2025

The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite...
Critical | Unreviewed | CVE-2024-11642 was published Jan 9, 2025

The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the ...
Critical | Unreviewed | CVE-2024-3604 was published Jul 9, 2024

The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up...
Critical | Unreviewed | CVE-2024-6624 was published Jul 11, 2024

The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all...
Critical | Unreviewed | CVE-2024-4442 was published May 21, 2024

The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical | Unreviewed | CVE-2026-2942 was published Apr 8, 2026

The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in...
Critical | Unreviewed | CVE-2024-3070 was published May 14, 2024

The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin...
Critical | Unreviewed | CVE-2024-1698 was published Feb 27, 2024

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress...
Critical | Unreviewed | CVE-2023-6875 was published Jan 11, 2024

Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the...
Critical | Unreviewed | CVE-2026-4415 was published Mar 30, 2026

The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical | Unreviewed | CVE-2023-2437 was published Nov 22, 2023

The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to,...
Critical | Unreviewed | CVE-2023-2449 was published Nov 22, 2023

The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads...
Critical | Unreviewed | CVE-2025-13329 was published Dec 20, 2025

The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset...
Critical | Unreviewed | CVE-2025-13313 was published Dec 5, 2025

The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to...
Critical | Unreviewed | CVE-2025-8570 was published Sep 11, 2025

The Orion SMS OTP Verification plugin for WordPress is vulnerable to privilege escalation via...
Critical | Unreviewed | CVE-2025-9967 was published Oct 15, 2025
ProTip! Advisories are also available from the GraphQL API