Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

144,539 advisories

Loading
A vulnerability was detected in Chanjet CRM up to 20251121. Affected is an unknown function of... Moderate Unreviewed
CVE-2025-14189 was published Dec 7, 2025
A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an... Moderate Unreviewed
CVE-2025-14186 was published Dec 7, 2025
A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function... Moderate Unreviewed
CVE-2025-14184 was published Dec 7, 2025
A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an... Moderate Unreviewed
CVE-2025-14185 was published Dec 7, 2025
A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the... Moderate Unreviewed
CVE-2025-14183 was published Dec 7, 2025
A vulnerability has been found in Sobey Media Convergence System 2.0/2.1. This vulnerability... Moderate Unreviewed
CVE-2025-14182 was published Dec 7, 2025
A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Impacted is the function... Moderate Unreviewed
CVE-2025-14139 was published Dec 6, 2025
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin... Moderate Unreviewed
CVE-2025-13748 was published Dec 6, 2025
The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode... Moderate Unreviewed
CVE-2025-13899 was published Dec 6, 2025
The RevInsite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `token`... Moderate Unreviewed
CVE-2025-13863 was published Dec 6, 2025
The Social Feed Gallery Portfolio plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-13896 was published Dec 6, 2025
The CSV Sumotto plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `... Moderate Unreviewed
CVE-2025-13894 was published Dec 6, 2025
The Ultra Skype Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-13898 was published Dec 6, 2025
The CSS3 Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... Moderate Unreviewed
CVE-2025-13907 was published Dec 6, 2025
A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The... Moderate Unreviewed
CVE-2025-14117 was published Dec 6, 2025
The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-12091 was published Dec 6, 2025
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is... Moderate Unreviewed
CVE-2025-13922 was published Dec 6, 2025
The Extra Post Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-13856 was published Dec 6, 2025
The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-13857 was published Dec 6, 2025
The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-13137 was published Dec 6, 2025
The Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly... Moderate Unreviewed
CVE-2025-13309 was published Dec 6, 2025
The Accessiy By CodeConfig Accessibility plugin for WordPress is vulnerable to unauthorized page... Moderate Unreviewed
CVE-2025-13358 was published Dec 6, 2025
The Application Passwords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting... Moderate Unreviewed
CVE-2025-13308 was published Dec 6, 2025
The myLCO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER[... Moderate Unreviewed
CVE-2025-13626 was published Dec 6, 2025
The WP Landing Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-13629 was published Dec 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database