GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,411
Erlang: 33
GitHub Actions: 22
Go: 2,146
Maven: 5,000+
npm: 3,808
NuGet: 687
pip: 3,481
Pub: 12
RubyGems: 897
Rust: 899
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
124,420 advisories
The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Moderate | Unreviewed | CVE-2024-13217 was published Feb 27, 2025

The Card Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2024-13734 was published Feb 27, 2025

The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS,...
Moderate | Unreviewed | CVE-2025-1450 was published Feb 27, 2025

A Cross-Site Request Forgery (CSRF) vulnerability exists in the management console of WSO2...
Moderate | Unreviewed | CVE-2024-0392 was published Feb 27, 2025

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for...
Moderate | Unreviewed | CVE-2024-13907 was published Feb 27, 2025

A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to...
Moderate | Unreviewed | CVE-2024-5848 was published Feb 27, 2025

The ThemeMakers PayPal Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2025-1689 was published Feb 27, 2025

The ThemeMakers Stripe Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2025-1690 was published Feb 27, 2025

The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all...
Moderate | Unreviewed | CVE-2024-13905 was published Feb 27, 2025

The School Management System – SakolaWP plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2024-13647 was published Feb 27, 2025

An incorrect authorization vulnerability exists in multiple WSO2 products, allowing protected...
Moderate | Unreviewed | CVE-2024-2321 was published Feb 27, 2025

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is...
Moderate | Unreviewed | CVE-2025-0469 was published Feb 27, 2025

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2024-6261 was published Feb 27, 2025

There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows...
Moderate | Unreviewed | CVE-2025-1726 was published Feb 26, 2025

Mautic allows Relative Path Traversal in assets file upload
Moderate | CVE-2022-25773 was published for mautic/core (Composer) Feb 26, 2025

MET ONE 3400+ instruments running software v1.0.41 can, under rare conditions, temporarily store...
Moderate | Unreviewed | CVE-2025-0941 was published Feb 26, 2025

A vulnerability in the implementation of the internal system processes of Cisco APIC could allow...
Moderate | Unreviewed | CVE-2025-20118 was published Feb 26, 2025

A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated...
Moderate | Unreviewed | CVE-2025-20119 was published Feb 26, 2025

A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco...
Moderate | Unreviewed | CVE-2025-20161 was published Feb 26, 2025

A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to...
Moderate | Unreviewed | CVE-2025-20116 was published Feb 26, 2025

A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute...
Moderate | Unreviewed | CVE-2025-20117 was published Feb 26, 2025

The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some...
Moderate | Unreviewed | CVE-2024-13113 was published Feb 26, 2025

SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the...
Moderate | Unreviewed | CVE-2025-25800 was published Feb 26, 2025

A stored cross site scripting (XSS) vulnerability in HelpDeskZ < v2.0.2 allows remote attackers...
Moderate | Unreviewed | CVE-2024-46226 was published Feb 26, 2025

HCL MyCloud is affected by Improper Access Control - an unauthenticated privilege escalation...
Moderate | Unreviewed | CVE-2024-30150 was published Feb 26, 2025

ProTip! Advisories are also available from the GraphQL API