GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+ Composer
5,000+ Erlang
39 GitHub Actions
38 Go
2,746 Maven
5,000+ npm
4,350 NuGet
765 pip
4,114 Pub
12 RubyGems
960 Rust
1,069 Swift
45Unreviewed advisories
All unreviewed
5,000+145,351 advisories
Filter by severity
Uh oh!
There was an error while loading. Please reload this page.
Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components Moderate
GHSA-c6m7-q6pr-c64r was published for @vitejs/plugin-rsc (npm) Dec 12, 2025
SolarEdge monitoring platform contains a Cross‑Site Scripting (XSS) flaw that allows an... Moderate Unreviewed
CVE-2025-36746 was published Dec 12, 2025
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-14159 was published Dec 12, 2025
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-12407 was published Dec 12, 2025
The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for... Moderate Unreviewed
CVE-2025-12348 was published Dec 12, 2025
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-12408 was published Dec 12, 2025
The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-13993 was published Dec 12, 2025
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-14442 was published Dec 12, 2025
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-14074 was published Dec 12, 2025
The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-12965 was published Dec 12, 2025
The Simple Bike Rental plugin for WordPress is vulnerable to unauthorized access of data due to a... Moderate Unreviewed
CVE-2025-14065 was published Dec 12, 2025
The AI Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-14030 was published Dec 12, 2025
The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-11876 was published Dec 12, 2025
The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG... Moderate Unreviewed
CVE-2025-4970 was published Dec 12, 2025
The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to,... Moderate Unreviewed
CVE-2025-13660 was published Dec 12, 2025
The VikRentItems Flexible Rental Management System plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-14049 was published Dec 12, 2025
The Simple CSV Table plugin for WordPress is vulnerable to Directory Traversal in all versions up... Moderate Unreviewed
CVE-2025-12960 was published Dec 12, 2025
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to Path... Moderate Unreviewed
CVE-2025-13891 was published Dec 12, 2025
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write... Moderate Unreviewed
CVE-2025-12655 was published Dec 12, 2025
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of... Moderate Unreviewed
CVE-2025-14356 was published Dec 12, 2025
The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2025-14391 was published Dec 12, 2025
The Upcoming for Calendly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-14160 was published Dec 12, 2025
The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed
CVE-2025-14354 was published Dec 12, 2025
The Truefy Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2025-14161 was published Dec 12, 2025
The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed
CVE-2025-14165 was published Dec 12, 2025
ProTip! Advisories are also available from the GraphQL API