GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,912
Composer 5,067
Erlang 39
GitHub Actions 38
Go 2,717
Maven 6,143
npm 4,328
NuGet 761
pip 4,105
Pub 12
RubyGems 958
Rust 1,065
Swift 45

Unreviewed advisories

All unreviewed 278,946

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

38,623 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The Rich Shortcodes for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site... High Unreviewed

CVE-2025-12499 was published Dec 6, 2025

The Social Feed Gallery Portfolio plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2025-13896 was published Dec 6, 2025

The CSS3 Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... Moderate Unreviewed

CVE-2025-13907 was published Dec 6, 2025

The Ultra Skype Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2025-13898 was published Dec 6, 2025

The RevInsite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `token`... Moderate Unreviewed

CVE-2025-13863 was published Dec 6, 2025

The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode... Moderate Unreviewed

CVE-2025-13899 was published Dec 6, 2025

The CSV Sumotto plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `... Moderate Unreviewed

CVE-2025-13894 was published Dec 6, 2025

The Application Passwords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting... Moderate Unreviewed

CVE-2025-13308 was published Dec 6, 2025

The myLCO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER[... Moderate Unreviewed

CVE-2025-13626 was published Dec 6, 2025

The Canadian Nutrition Facts Label plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2025-12715 was published Dec 6, 2025

The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2025-13656 was published Dec 6, 2025

The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed

CVE-2025-12717 was published Dec 6, 2025

The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2025-13137 was published Dec 6, 2025

The Extra Post Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2025-13856 was published Dec 6, 2025

The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2025-13857 was published Dec 6, 2025

The Link Whisper Free plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via... Moderate Unreviewed

CVE-2025-11263 was published Dec 6, 2025

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting... High Unreviewed

CVE-2025-12510 was published Dec 6, 2025

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed

CVE-2025-34261 was published Dec 5, 2025

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed

CVE-2025-34257 was published Dec 5, 2025

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed

CVE-2025-34265 was published Dec 5, 2025

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed

CVE-2025-34262 was published Dec 5, 2025

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed

CVE-2025-34258 was published Dec 5, 2025

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed

CVE-2025-34264 was published Dec 5, 2025

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed

CVE-2025-34263 was published Dec 5, 2025

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed

CVE-2025-34260 was published Dec 5, 2025

Previous1…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

38,623 advisories