Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,358
Maven
5,000+
npm
3,979
NuGet
720
pip
3,777
Pub
12
RubyGems
924
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

262 advisories

Loading
The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all... Critical Unreviewed
CVE-2025-4334 was published Jun 26, 2025
A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated,... Critical Unreviewed
CVE-2025-20282 was published Jun 26, 2025
On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch... Critical Unreviewed
CVE-2025-0505 was published May 8, 2025
An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to... Critical Unreviewed
CVE-2025-25962 was published Apr 29, 2025
The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up... Critical Unreviewed
CVE-2025-3278 was published Apr 19, 2025
An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the... Critical Unreviewed
CVE-2025-28399 was published Apr 15, 2025
The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to,... Critical Unreviewed
CVE-2025-2798 was published Apr 4, 2025
The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication... Critical Unreviewed
CVE-2025-2237 was published Apr 1, 2025
An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via... Critical Unreviewed
CVE-2025-22937 was published Mar 31, 2025
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is... Critical Unreviewed
CVE-2025-2232 was published Mar 14, 2025
The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to,... Critical Unreviewed
CVE-2025-0177 was published Mar 8, 2025
The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and... Critical Unreviewed
CVE-2024-12281 was published Mar 5, 2025
The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all... Critical Unreviewed
CVE-2024-11951 was published Mar 5, 2025
The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to,... Critical Unreviewed
CVE-2024-8420 was published Feb 28, 2025
Infoblox NIOS through 8.6.4 executes with more privileges than required. Critical Unreviewed
CVE-2024-36046 was published Feb 28, 2025
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up... Critical Unreviewed
CVE-2025-0180 was published Feb 11, 2025
An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via... Critical Unreviewed
CVE-2024-55215 was published Feb 8, 2025
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in... Critical Unreviewed
CVE-2024-9636 was published Jan 15, 2025
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege... Critical Unreviewed
CVE-2024-9478 was published Nov 20, 2024
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege... Critical Unreviewed
CVE-2024-9479 was published Nov 20, 2024
Improper Privilege Management vulnerability in Nomysoft Informatics Nomysem allows Collect Data... Critical Unreviewed
CVE-2024-8074 was published Nov 12, 2024
The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and... Critical Unreviewed
CVE-2024-9518 was published Oct 10, 2024
A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege... Critical Unreviewed
CVE-2024-3057 was published Oct 8, 2024
According to the researcher: "The TLS connections are encrypted against tampering or... Critical Unreviewed
CVE-2024-44097 was published Oct 2, 2024
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in... Critical Unreviewed
CVE-2024-9265 was published Oct 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database