GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,867
Maven
5,000+
npm
4,488
NuGet
780
pip
4,244
Pub
12
RubyGems
975
Rust
1,096
Swift
49
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
287,084 advisories
Filter by severity
The VK Google Job Posting Manager plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2025-12836
was published
Jan 24, 2026
The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
Critical
Unreviewed
CVE-2025-13374
was published
Jan 24, 2026
The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate
Unreviewed
CVE-2025-14903
was published
Jan 24, 2026
The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate
Unreviewed
CVE-2025-14906
was published
Jan 24, 2026
The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary...
Moderate
Unreviewed
CVE-2025-14843
was published
Jan 24, 2026
The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site...
Moderate
Unreviewed
CVE-2025-14941
was published
Jan 24, 2026
The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up...
Moderate
Unreviewed
CVE-2025-14609
was published
Jan 24, 2026
The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion...
Moderate
Unreviewed
CVE-2025-14629
was published
Jan 24, 2026
The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate
Unreviewed
CVE-2025-14797
was published
Jan 24, 2026
The Alpha Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2025-14985
was published
Jan 24, 2026
The JustClick registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting...
Moderate
Unreviewed
CVE-2025-13676
was published
Jan 24, 2026
The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter...
Moderate
Unreviewed
CVE-2026-0806
was published
Jan 24, 2026
The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all...
High
Unreviewed
CVE-2026-0807
was published
Jan 24, 2026
The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate
Unreviewed
CVE-2026-1070
was published
Jan 24, 2026
A web page that contains unusual GPU shader code is loaded from the Internet into the GPU...
Unknown
Unreviewed
CVE-2025-13952
was published
Jan 24, 2026
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability...
Unknown
Unreviewed
CVE-2026-22582
was published
Jan 24, 2026
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability...
Unknown
Unreviewed
CVE-2026-22583
was published
Jan 24, 2026
ProTip!
Advisories are also available from the
GraphQL API