GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,787
Composer 4,866
Erlang 36
GitHub Actions 36
Go 2,491
Maven 5,913
npm 4,110
NuGet 735
pip 3,933
Pub 12
RubyGems 945
Rust 1,018
Swift 39

Unreviewed advisories

All unreviewed 268,847

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

268,847 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0... High Unreviewed

CVE-2025-10213 was published Sep 10, 2025

DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27... High Unreviewed

CVE-2025-40979 was published Sep 10, 2025

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0... High Unreviewed

CVE-2025-10214 was published Sep 10, 2025

Reflected Cross-Site Scripting (XSS) vulnerability in Azon Dominator. This vulnerability allows... Moderate Unreviewed

CVE-2025-40725 was published Sep 10, 2025

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0... High Unreviewed

CVE-2025-10215 was published Sep 10, 2025

The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path... High Unreviewed

CVE-2025-41714 was published Sep 10, 2025

The Duplicate Page and Post plugin for WordPress is vulnerable to time-based SQL Injection via... Moderate Unreviewed

CVE-2025-6189 was published Sep 10, 2025

The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2025-9367 was published Sep 10, 2025

The MyBrain Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed

CVE-2025-10126 was published Sep 10, 2025

The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior... Moderate Unreviewed

CVE-2025-9979 was published Sep 10, 2025

The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads... High Unreviewed

CVE-2025-10049 was published Sep 10, 2025

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response... Unknown Unreviewed

CVE-2025-9943 was published Sep 10, 2025

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege... High Unreviewed

CVE-2025-7049 was published Sep 10, 2025

The PagBank / PagSeguro Connect para WooCommerce plugin for WordPress is vulnerable to SQL... Moderate Unreviewed

CVE-2025-10142 was published Sep 10, 2025

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a... Moderate Unreviewed

CVE-2025-8778 was published Sep 10, 2025

The Auto Save Remote Images (Drafts) plugin for WordPress is vulnerable to Server-Side Request... Moderate Unreviewed

CVE-2025-7843 was published Sep 10, 2025

The Testimonial plugin for WordPress is vulnerable to SQL Injection via the 'iNICtestimonial'... Moderate Unreviewed

CVE-2025-7826 was published Sep 10, 2025

The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net... Moderate Unreviewed

CVE-2025-9463 was published Sep 10, 2025

The Heateor Login – Social Login Plugin plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2025-9857 was published Sep 10, 2025

It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use... Moderate Unreviewed

CVE-2025-36757 was published Sep 10, 2025

The Maspik – Ultimate Spam Protection plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed

CVE-2025-9888 was published Sep 10, 2025

It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the... Moderate Unreviewed

CVE-2025-36758 was published Sep 10, 2025

A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX... Moderate Unreviewed

CVE-2025-36756 was published Sep 10, 2025

Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby... High Unreviewed

CVE-2025-36759 was published Sep 10, 2025

The WP Blast | SEO & Performance Booster plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed

CVE-2025-9622 was published Sep 10, 2025

Previous1…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

268,847 advisories