GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,762
Maven: 5,000+
npm: 4,371
NuGet: 767
pip: 4,141
Pub: 12
RubyGems: 962
Rust: 1,070
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
306,863 advisories
The WP Hallo Welt plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate • Unreviewed • CVE-2025-13365 was published Dec 20, 2025

The "Amazon affiliate lite Plugin" plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate • Unreviewed • CVE-2025-14735 was published Dec 20, 2025

The Responsive and Swipe slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate • Unreviewed • CVE-2025-14721 was published Dec 20, 2025

The F70 Lead Document Download plugin for WordPress is vulnerable to unauthorized access of data...
Moderate • Unreviewed • CVE-2025-14633 was published Dec 20, 2025

After a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of-Record (EOR) characters...
Moderate • Unreviewed • CVE-2025-14591 was published Dec 20, 2025

The Quran Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate • Unreviewed • CVE-2025-14164 was published Dec 20, 2025

The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization...
Unknown • Unreviewed • CVE-2025-12820 was published Dec 20, 2025

The Amazon affiliate lite Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate • Unreviewed • CVE-2025-14734 was published Dec 20, 2025

The WP DB Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate • Unreviewed • CVE-2025-14168 was published Dec 20, 2025

The Overstock Affiliate Links plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate • Unreviewed • CVE-2025-13624 was published Dec 20, 2025

The Pretty Google Calendar plugin for WordPress is vulnerable to unauthorized access of data due...
Moderate • Unreviewed • CVE-2025-12898 was published Dec 20, 2025

The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads...
Critical • Unreviewed • CVE-2025-13329 was published Dec 20, 2025

The Attachments Handler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via...
Moderate • Unreviewed • CVE-2025-12581 was published Dec 20, 2025

Keycloak does not invalidate offline sessions when the offline_access scope is removed
Moderate • CVE-2025-12110 was published for org.keycloak:keycloak-services (Maven) Oct 23, 2025

Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks
Moderate • GHSA-xmcw-mv9p-7pq2 was published for org.keycloak:keycloak-account-ui (Maven) Sep 5, 2025 • withdrawn

FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO
Moderate • CVE-2025-68481 was published for fastapi-users (pip) Dec 19, 2025

cap-std doesn't fully sandbox all the Windows device filenames
Low • CVE-2024-51756 was published for cap-async-std (Rust) Nov 5, 2024

RCE via ZipSlip and symbolic links in argoproj/argo-workflows
High • CVE-2025-66626 was published for github.com/argoproj/argo-workflows (Go) Dec 9, 2025

Duplicate Advisory: Keycloak allows Binding to an Unrestricted IP Address
Moderate • GHSA-7m9g-pmxf-m9m8 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 13, 2025 • withdrawn

Keycloak vulnerable to session takeovers due to reuse of session identifiers
Moderate • CVE-2025-12390 was published for org.keycloak:keycloak-services (Maven) Oct 28, 2025

Duplicate Advisory: Keycloak allows access to admin path through flaw
Low • GHSA-c6cm-5gc7-c3f4 was published for org.keycloak:keycloak-quarkus-server (Maven) Oct 28, 2025 • withdrawn

Ollama Platform has missing authentication enabling attackers to perform model management operations
Critical • CVE-2025-63389 was published for github.com/ollama/ollama (Go) Dec 18, 2025

XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection
High • CVE-2025-66474 was published for org.xwiki.rendering:xwiki-rendering-xml (Maven) Dec 10, 2025

AWS SDK for Ruby's S3 Encryption Client has a Key Commitment Issue
Moderate • CVE-2025-14762 was published for aws-sdk-s3 (RubyGems) Dec 18, 2025

Liferay Portal Vulnerable to Cross-Site Scripting
Moderate • CVE-2025-43731 was published for com.liferay.portal:release.portal.bom (Maven) Aug 18, 2025
ProTip! Advisories are also available from the GraphQL API