GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,948
Maven: 5,000+
npm: 5,000+
NuGet: 969
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,383
Swift: 56

Unreviewed advisories
All unreviewed: 5,000+

42,595 advisories
The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting...
High | Unreviewed | CVE-2024-12400 was published Jan 30, 2025

The Gearside Developer Dashboard WordPress plugin through 1.0.72 does not sanitise and escape a...
Moderate | Unreviewed | CVE-2025-4429 was published May 30, 2025

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape...
Moderate | Unreviewed | CVE-2025-4133 was published May 22, 2025

The Custom Field Manager WordPress plugin through 1.0 does not sanitise and escape a parameter...
Moderate | Unreviewed | CVE-2024-12873 was published May 15, 2025

The Social Share And Social Locker WordPress plugin before 1.4.2 does not sanitise and escape...
Moderate | Unreviewed | CVE-2024-11189 was published May 15, 2025

The Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape...
Moderate | Unreviewed | CVE-2024-11502 was published May 15, 2025

The goodlayers-core WordPress plugin before 2.1.3 allows users with a subscriber role and above...
Moderate | Unreviewed | CVE-2024-12163 was published Jan 30, 2025

The Better Follow Button for Jetpack WordPress plugin through 8.0 does not sanitise and escape...
Moderate | Unreviewed | CVE-2023-7168 was published May 15, 2025

In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was...
Moderate | Unreviewed | CVE-2024-9021 was published Oct 8, 2024

The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does...
Moderate | Unreviewed | CVE-2024-10475 was published May 15, 2025

The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its...
Moderate | Unreviewed | CVE-2024-10632 was published May 15, 2025

The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not...
Low | Unreviewed | CVE-2024-11140 was published May 15, 2025

The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its...
Moderate | Unreviewed | CVE-2024-10149 was published May 15, 2025

The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate...
Moderate | Unreviewed | CVE-2024-10631 was published May 15, 2025

The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.9.1 does not...
Moderate | Unreviewed | CVE-2024-10362 was published May 15, 2025

A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been classified as problematic....
Moderate | Unreviewed | CVE-2025-5887 was published Jun 9, 2025

A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects...
Moderate | Unreviewed | CVE-2025-5886 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-48143 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-47477 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-47487 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-47598 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-48279 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-31426 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-31917 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-31057 was published Jun 9, 2025

ProTip! Advisories are also available from the GraphQL API.