GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,798
Maven: 5,000+
npm: 4,424
NuGet: 772
pip: 4,192
Pub: 12
RubyGems: 968
Rust: 1,083
Swift: 46
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
284,891 advisories
The Debt.com Business in a Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2025-13852 was published Jan 9, 2026

The Woodpecker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2025-13967 was published Jan 9, 2026

The Menu Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `category...
Moderate | Unreviewed | CVE-2025-13862 was published Jan 9, 2026

Vivotek IP7137 camera with firmware version 0200a by default does not require to provide any...
Critical | Unreviewed | CVE-2025-66050 was published Jan 9, 2026

The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text ...
Critical | Unreviewed | CVE-2025-7072 was published Jan 9, 2026

The Curved Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'radius...
Moderate | Unreviewed | CVE-2025-13854 was published Jan 9, 2026

The The Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
Moderate | Unreviewed | CVE-2025-13908 was published Jan 9, 2026

Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure...
High | Unreviewed | CVE-2025-66049 was published Jan 9, 2026

The PullQuote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ...
Moderate | Unreviewed | CVE-2025-13903 was published Jan 9, 2026

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy...
High | Unreviewed | CVE-2026-22081 was published Jan 9, 2026

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible...
Moderate | Unreviewed | CVE-2025-66051 was published Jan 9, 2026

Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter ...
High | Unreviewed | CVE-2025-66052 was published Jan 9, 2026

The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in...
Moderate | Unreviewed | CVE-2025-14172 was published Jan 9, 2026

The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2025-13897 was published Jan 9, 2026

The Lesson Plan Book plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2025-13893 was published Jan 9, 2026

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy...
High | Unreviewed | CVE-2026-22082 was published Jan 9, 2026

The MG AdvancedOptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via...
Moderate | Unreviewed | CVE-2025-13892 was published Jan 9, 2026

The Autogen Headers Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate | Unreviewed | CVE-2025-13704 was published Jan 9, 2026

The Header and Footer Scripts plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2025-11453 was published Jan 9, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18...
Low | Unreviewed | CVE-2025-3950 was published Jan 9, 2026

This vulnerability allows authenticated attackers to execute commands via the hostname of the...
Critical | Unreviewed | CVE-2025-64090 was published Jan 9, 2026

The Contact Form vCard Generator plugin for WordPress is vulnerable to unauthorized access of...
Moderate | Unreviewed | CVE-2025-13717 was published Jan 9, 2026

The Shabat Keeper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2025-13701 was published Jan 9, 2026

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request...
High | Unreviewed | CVE-2025-64092 was published Jan 9, 2026

The WP Popup Magic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2025-13900 was published Jan 9, 2026

ProTip! Advisories are also available from the GraphQL API