Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

145,498 advisories

Loading
The Professional Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2025-9944 was published Sep 27, 2025
The Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms plugin for... Moderate Unreviewed
CVE-2025-9899 was published Sep 27, 2025
A vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. This... Moderate Unreviewed
CVE-2025-11051 was published Sep 27, 2025
The cForms – Light speed fast Form Builder plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed
CVE-2025-9898 was published Sep 27, 2025
The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2025-9894 was published Sep 27, 2025
The VM Menu Reorder plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2025-9893 was published Sep 27, 2025
A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file... Moderate Unreviewed
CVE-2025-11050 was published Sep 27, 2025
A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this issue is some... Moderate Unreviewed
CVE-2025-11049 was published Sep 27, 2025
WSO2 carbon-apimgt affected by an authenticated stored cross-site scripting (XSS) vulnerability Moderate
CVE-2025-4760 was published for org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.api (Maven) Sep 23, 2025
cai0duque
Credited to cai0duque
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-10499 was published Sep 27, 2025
The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the first... Moderate Unreviewed
CVE-2025-8440 was published Sep 27, 2025
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-10498 was published Sep 27, 2025
IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site request forgery... Moderate Unreviewed
CVE-2024-43192 was published Sep 27, 2025
IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site scripting. This... Moderate Unreviewed
CVE-2025-36239 was published Sep 27, 2025
WSO2 Identity Server Apps allows content spoofing in logs Moderate
CVE-2024-6429 was published for org.wso2.identity.apps:authentication-portal (Maven) Sep 23, 2025
cai0duque
Credited to cai0duque
Liferay Portal and DXP does not properly expire sessions Moderate
CVE-2025-43819 was published for com.liferay:com.liferay.saml.impl (Maven) Sep 24, 2025
cai0duque
Credited to cai0duque
A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function... Moderate Unreviewed
CVE-2025-11047 was published Sep 27, 2025
A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this... Moderate Unreviewed
CVE-2025-11048 was published Sep 27, 2025
blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API Moderate
CVE-2023-26143 was published for blamer (npm) Sep 19, 2023
lirantal
Credited to lirantal
PiranhaCMS stored XSS Moderate
CVE-2025-57692 was published for Piranha (NuGet) Sep 26, 2025
In the Linux kernel, the following vulnerability has been resolved: ovl: support encoding fid... Moderate Unreviewed
CVE-2025-21654 was published Jan 19, 2025
In the Linux kernel, the following vulnerability has been resolved: gve: guard XDP xmit NDO on... Moderate Unreviewed
CVE-2024-57932 was published Jan 21, 2025
Cross Site Scripting vulnerability in petstore v.1.0.7 allows a remote attacker to execute... Moderate Unreviewed
CVE-2025-29156 was published Sep 25, 2025
TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to... Moderate Unreviewed
CVE-2025-55556 was published Sep 25, 2025
Sourcecodester Employee Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via ... Moderate Unreviewed
CVE-2025-26258 was published Sep 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database