Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

5,281 advisories

Loading
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM... High Unreviewed
CVE-2025-36367 was published Nov 1, 2025
The Qi Blocks plugin for WordPress is vulnerable to Missing Authorization in all versions up to,... Moderate Unreviewed
CVE-2025-12180 was published Nov 1, 2025
The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for... Critical Unreviewed
CVE-2025-11833 was published Nov 1, 2025
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages... Moderate Unreviewed
CVE-2025-11816 was published Nov 1, 2025
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in... Critical Unreviewed
CVE-2025-64348 was published Oct 31, 2025
ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target... High Unreviewed
CVE-2025-64349 was published Oct 31, 2025
Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential... Low Unreviewed
CVE-2025-64352 was published Oct 31, 2025
Missing Authorization vulnerability in f1logic Insert PHP Code Snippet insert-php-code-snippet... Moderate Unreviewed
CVE-2025-64356 was published Oct 31, 2025
Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce wt-smart-coupons... Moderate Unreviewed
CVE-2025-64358 was published Oct 31, 2025
Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows... Low Unreviewed
CVE-2025-64350 was published Oct 31, 2025
The ERI File Library plugin for WordPress is vulnerable to unauthorized access of data due to a... Moderate Unreviewed
CVE-2025-12041 was published Oct 31, 2025
The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a... Moderate Unreviewed
CVE-2025-12175 was published Oct 31, 2025
The FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant... Moderate Unreviewed
CVE-2025-11975 was published Oct 31, 2025
Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH... Critical Unreviewed
CVE-2023-7317 was published Oct 31, 2025
Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow... High Unreviewed
CVE-2024-13994 was published Oct 31, 2025
Nagios XI versions prior to 2012R1.6 contain an authorization flaw in the Auto-Discovery... High Unreviewed
CVE-2013-10072 was published Oct 31, 2025
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to unauthorized access... Moderate Unreviewed
CVE-2025-11881 was published Oct 30, 2025
The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-10008 was published Oct 30, 2025
Drupal Acquia DAM allows Forceful Browsing High
CVE-2025-9954 was published for drupal/acquia_dam (Composer) Oct 30, 2025
Jenkins Publish to Bitbucket Plugin is missing a permissions check Moderate
CVE-2025-64150 was published for org.jenkins-ci.plugins:publish-to-bitbucket (Maven) Oct 29, 2025
Jenkins Publish to Bitbucket Plugin is missing a permissions check Moderate
CVE-2025-64148 was published for org.jenkins-ci.plugins:publish-to-bitbucket (Maven) Oct 29, 2025
The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is... Moderate Unreviewed
CVE-2025-11587 was published Oct 29, 2025
The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is... Moderate Unreviewed
CVE-2025-11632 was published Oct 29, 2025
Jenkins Start Windocks Containers Plugin is missing a permission check Moderate
CVE-2025-64139 was published for org.jenkins-ci.plugins:windocks-start-container (Maven) Oct 29, 2025
Jenkins MCP Server Plugin does not perform permission checks in multiple MCP tools Moderate
CVE-2025-64132 was published for io.jenkins.plugins:mcp-server (Maven) Oct 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database