GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,635
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
131,108 advisories
The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating...
Moderate | Unreviewed | CVE-2024-11373 was published May 15, 2025
The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places,...
Moderate | Unreviewed | CVE-2024-12301 was published May 15, 2025
The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and...
Moderate | Unreviewed | CVE-2024-11719 was published May 15, 2025
The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.9.1 does not...
Moderate | Unreviewed | CVE-2024-10362 was published May 15, 2025
The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its...
Moderate | Unreviewed | CVE-2024-10149 was published May 15, 2025
The Panorama WordPress plugin through 1.5.1 does not sanitise and escape some of its settings,...
Moderate | Unreviewed | CVE-2024-11843 was published May 15, 2025
The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does...
Moderate | Unreviewed | CVE-2024-10475 was published May 15, 2025
The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate...
Moderate | Unreviewed | CVE-2024-10631 was published May 15, 2025
The Ultimate Noindex Nofollow Tool WordPress plugin through 1.1.2 does not have CSRF check in...
Moderate | Unreviewed | CVE-2023-7196 was published May 15, 2025
The WP-Reply Notify WordPress plugin through 1.1 does not have a CSRF check in place when...
Moderate | Unreviewed | CVE-2023-7195 was published May 15, 2025
The WolfNet IDX for WordPress plugin through 1.19.1 does not sanitise and escape some of its...
Moderate | Unreviewed | CVE-2023-6783 was published May 15, 2025
The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter...
Moderate | Unreviewed | CVE-2024-10009 was published May 15, 2025
The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request...
Moderate | Unreviewed | CVE-2024-0852 was published May 15, 2025
The Payment Gateway for Telcell WordPress plugin through 2.0.1 does not validate the api_url...
Moderate | Unreviewed | CVE-2023-6786 was published May 15, 2025
The Add SVG Support for Media Uploader | inventivo WordPress plugin through 1.0.5 does not...
Moderate | Unreviewed | CVE-2023-7088 was published May 15, 2025
The SVG Uploads Support WordPress plugin through 2.1.1 does not sanitize uploaded SVG files,...
Moderate | Unreviewed | CVE-2023-7086 was published May 15, 2025
The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could...
Moderate | Unreviewed | CVE-2023-6541 was published May 15, 2025
The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings,...
Moderate | Unreviewed | CVE-2024-10054 was published May 15, 2025
The illi Link Party! WordPress plugin through 1.0 does not have CSRF check in place when updating...
Moderate | Unreviewed | CVE-2023-7229 was published May 15, 2025
The illi Link Party! WordPress plugin through 1.0 does not sanitize and escape some parameters,...
Moderate | Unreviewed | CVE-2023-7230 was published May 15, 2025
The illi Link Party! WordPress plugin through 1.0 does not sanitise and escape some parameters,...
Moderate | Unreviewed | CVE-2023-7228 was published May 15, 2025
The Advanced Schedule Posts WordPress plugin through 2.1.8 does not sanitise and escape a...
Moderate | Unreviewed | CVE-2024-0249 was published May 15, 2025
The Better Follow Button for Jetpack WordPress plugin through 8.0 does not sanitise and escape...
Moderate | Unreviewed | CVE-2023-7168 was published May 15, 2025
The TwitterPosts WordPress plugin through 1.0.2 does not have CSRF check in place when updating...
Moderate | Unreviewed | CVE-2023-7297 was published May 15, 2025
The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from...
Moderate | Unreviewed | CVE-2023-6030 was published May 15, 2025
ProTip! Advisories are also available from the GraphQL API.