GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,800
Maven: 5,000+
npm: 4,426
NuGet: 773
pip: 4,199
Pub: 12
RubyGems: 968
Rust: 1,086
Swift: 47

Unreviewed advisories
All unreviewed: 5,000+
39,496 advisories
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored...
Moderate, Unreviewed. CVE-2025-12379 was published Jan 10, 2026

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function...
Moderate, Unreviewed. CVE-2026-0824 was published Jan 10, 2026

The Countdown Timer – Widget Countdown plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate, Unreviewed. CVE-2025-14555 was published Jan 10, 2026

The ConvertForce Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate, Unreviewed. CVE-2025-14506 was published Jan 10, 2026

October CMS Vulnerable to Stored XSS via Branding Styles
Moderate. CVE-2025-61676 was published for october/system (Composer) Jan 9, 2026

Angular has XSS Vulnerability via Unsanitized SVG Script Attributes
High. CVE-2026-22610 was published for @angular/compiler (npm) Jan 9, 2026

GestSup versions up to and including 3.2.56 contain a pre-authentication stored cross-site...
Moderate, Unreviewed. CVE-2026-22198 was published Jan 9, 2026

October CMS Vulnerable to Stored XSS via Editor and Branding Styles
Moderate. CVE-2025-61674 was published for october/system (Composer) Jan 9, 2026

The Autogen Headers Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate, Unreviewed. CVE-2025-13704 was published Jan 9, 2026

The Curved Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'radius...
Moderate, Unreviewed. CVE-2025-13854 was published Jan 9, 2026

The Debt.com Business in a Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate, Unreviewed. CVE-2025-13852 was published Jan 9, 2026

The Menu Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `category...
Moderate, Unreviewed. CVE-2025-13862 was published Jan 9, 2026

The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate, Unreviewed. CVE-2025-13897 was published Jan 9, 2026

The MG AdvancedOptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via...
Moderate, Unreviewed. CVE-2025-13892 was published Jan 9, 2026

The Lesson Plan Book plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the...
Moderate, Unreviewed. CVE-2025-13893 was published Jan 9, 2026

The PullQuote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ...
Moderate, Unreviewed. CVE-2025-13903 was published Jan 9, 2026

The The Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
Moderate, Unreviewed. CVE-2025-13908 was published Jan 9, 2026

The Woodpecker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate, Unreviewed. CVE-2025-13967 was published Jan 9, 2026

The Shabat Keeper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2025-13701 was published Jan 9, 2026

The WP Popup Magic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2025-13900 was published Jan 9, 2026

The Header and Footer Scripts plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate, Unreviewed. CVE-2025-11453 was published Jan 9, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5,...
High, Unreviewed. CVE-2025-9222 was published Jan 9, 2026

The Entry Views plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
Moderate, Unreviewed. CVE-2025-13729 was published Jan 9, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3,...
High, Unreviewed. CVE-2025-13761 was published Jan 9, 2026

The Nearby Now Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2025-13853 was published Jan 9, 2026
ProTip! Advisories are also available from the GraphQL API