GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 46
Go: 3,270
Maven: 5,000+
npm: 5,000+
NuGet: 867
pip: 4,517
Pub: 12
RubyGems: 998
Rust: 1,194
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
111,484 advisories
i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated...
High, Unreviewed, CVE-2019-25582 was published Mar 21, 2026

SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated...
High, Unreviewed, CVE-2019-25575 was published Mar 21, 2026

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to...
High, Unreviewed, CVE-2019-25581 was published Mar 21, 2026

Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to...
High, Unreviewed, CVE-2019-25574 was published Mar 21, 2026

phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to...
High, Unreviewed, CVE-2019-25578 was published Mar 21, 2026

Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to...
High, Unreviewed, CVE-2019-25573 was published Mar 21, 2026

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated...
High, Unreviewed, CVE-2019-25576 was published Mar 21, 2026

ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to...
High, Unreviewed, CVE-2019-25580 was published Mar 21, 2026

phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated...
High, Unreviewed, CVE-2019-25579 was published Mar 21, 2026

CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash...
High, Unreviewed, CVE-2019-25552 was published Mar 21, 2026

Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash...
High, Unreviewed, CVE-2019-25560 was published Mar 21, 2026

The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal...
High, Unreviewed, CVE-2026-4373 was published Mar 21, 2026

The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery...
High, Unreviewed, CVE-2026-3478 was published Mar 21, 2026

The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to...
High, Unreviewed, CVE-2026-4261 was published Mar 21, 2026

The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all...
High, Unreviewed, CVE-2026-1648 was published Mar 21, 2026

The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntn_wp_access' cookie...
High, Unreviewed, CVE-2026-2468 was published Mar 21, 2026

The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection...
High, Unreviewed, CVE-2026-1800 was published Mar 21, 2026

The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of...
High, Unreviewed, CVE-2026-2941 was published Mar 21, 2026

The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sort_by' and ...
High, Unreviewed, CVE-2026-2279 was published Mar 21, 2026

The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up...
High, Unreviewed, CVE-2026-2440 was published Mar 21, 2026

The Vagaro Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
High, Unreviewed, CVE-2026-3003 was published Mar 21, 2026

The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'or_blogname', ...
High, Unreviewed, CVE-2026-3334 was published Mar 21, 2026

The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all...
High, Unreviewed, CVE-2026-1313 was published Mar 21, 2026

The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path...
High, Unreviewed, CVE-2025-14037 was published Mar 21, 2026

The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to Server-Side Request...
High, Unreviewed, CVE-2026-4302 was published Mar 21, 2026
ProTip! Advisories are also available from the GraphQL API.