Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

103,831 advisories

Loading
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-13869 was published Feb 22, 2025
Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled... High Unreviewed
CVE-2022-28339 was published Feb 22, 2025
Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows... High Unreviewed
CVE-2025-27012 was published Feb 22, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-26760 was published Feb 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-26774 was published Feb 22, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-26757 was published Feb 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-26756 was published Feb 22, 2025
The SMTP for Sendinblue – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site... High Unreviewed
CVE-2025-0953 was published Feb 22, 2025
The SMTP for SendGrid – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting... High Unreviewed
CVE-2025-0918 was published Feb 22, 2025
The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site... High Unreviewed
CVE-2025-0957 was published Feb 22, 2025
Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is... High Unreviewed
CVE-2024-7695 was published Jan 29, 2025
A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing... High Unreviewed
CVE-2023-6648 was published Dec 10, 2023
The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information... High Unreviewed
CVE-2025-1361 was published Feb 22, 2025
The LTL Freight Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection... High Unreviewed
CVE-2024-13474 was published Feb 22, 2025
The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up... High Unreviewed
CVE-2024-13899 was published Feb 22, 2025
The The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution... High Unreviewed
CVE-2025-1509 was published Feb 22, 2025
The The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode... High Unreviewed
CVE-2025-1510 was published Feb 22, 2025
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL... High Unreviewed
CVE-2025-26794 was published Feb 21, 2025
PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows... High Unreviewed
CVE-2023-51333 was published Feb 20, 2025
PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection vulnerability which... High Unreviewed
CVE-2023-51336 was published Feb 20, 2025
Leantime allows Stored Cross-Site Scripting (XSS) High
GHSA-c39w-3pjx-qc7m was published for leantime/leantime (Composer) Feb 21, 2025
mnqazi
Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi) High
GHSA-v4q9-437p-mhpg was published for leantime/leantime (Composer) Feb 21, 2025
0xROI
Duplicate Advisory: Mautic has insufficient authentication in upgrade flow High
GHSA-5hc5-fxr9-5frc was published for mautic/core (Composer) Sep 19, 2024 withdrawn
Malciously crafted QPY files can allows Remote Attackers to Cause Denial of Service in Qiskit High
CVE-2025-1403 was published for qiskit (pip) Feb 21, 2025
A memory leak has been identified in the parseSWF_SOUNDINFO function in util/parser.c of libming... High Unreviewed
CVE-2025-26305 was published Feb 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database