Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,925
Maven
5,000+
npm
4,578
NuGet
786
pip
4,290
Pub
12
RubyGems
979
Rust
1,112
Swift
49
Unreviewed advisories
All unreviewed
5,000+

6,217 advisories

Loading
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-13416 was published Feb 5, 2026
A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown... Moderate Unreviewed
CVE-2026-1897 was published Feb 5, 2026
FUXA Unauthenticated Remote Arbitrary Device Tag Write Critical
GHSA-ggxw-g3cp-mgf8 was published for fuxa-server (npm) Feb 5, 2026
wodzen
Credited to wodzen
Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage High
CVE-2026-25538 was published for github.com/devtron-labs/devtron (Go) Feb 4, 2026
b0b0haha spingARbor
lixingquzhi
Credited to b0b0haha, spingARbor, and lixingquzhi
The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of... High Unreviewed
CVE-2025-15285 was published Feb 4, 2026
The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized... Moderate Unreviewed
CVE-2025-15507 was published Feb 4, 2026
The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation... Moderate Unreviewed
CVE-2025-14461 was published Feb 4, 2026
The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-15260 was published Feb 4, 2026
The WebPurify Profanity Filter plugin for WordPress is vulnerable to unauthorized modification of... Moderate Unreviewed
CVE-2026-0572 was published Feb 4, 2026
The Fortis for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an... Moderate Unreviewed
CVE-2026-0679 was published Feb 4, 2026
Wagtail has improper permission handling on admin preview endpoints Moderate
CVE-2026-25517 was published for wagtail (pip) Feb 3, 2026
thxtech gasman
RealOrangeOne laymonage
Credited to thxtech, gasman, RealOrangeOne, and laymonage
Missing Authorization vulnerability in Mizan Themes Mizan Demo Importer mizan-demo-importer... Moderate Unreviewed
CVE-2026-25021 was published Feb 3, 2026
Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting... Unknown Unreviewed
CVE-2026-25036 was published Feb 3, 2026
Missing Authorization vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows... Moderate Unreviewed
CVE-2026-25012 was published Feb 3, 2026
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows... Moderate Unreviewed
CVE-2026-25019 was published Feb 3, 2026
Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp... Moderate Unreviewed
CVE-2026-25011 was published Feb 3, 2026
Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting... Moderate Unreviewed
CVE-2026-25010 was published Feb 3, 2026
Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows... Moderate Unreviewed
CVE-2026-25020 was published Feb 3, 2026
Missing Authorization vulnerability in Nelio Software Nelio Popups nelio-popups allows Exploiting... Moderate Unreviewed
CVE-2026-25016 was published Feb 3, 2026
Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor... Unknown Unreviewed
CVE-2026-25028 was published Feb 3, 2026
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart... Moderate Unreviewed
CVE-2026-24994 was published Feb 3, 2026
Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting... Moderate Unreviewed
CVE-2026-24990 was published Feb 3, 2026
Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms... Moderate Unreviewed
CVE-2026-24985 was published Feb 3, 2026
Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode... Moderate Unreviewed
CVE-2026-24995 was published Feb 3, 2026
Missing Authorization vulnerability in wpelemento WPElemento Importer wpelemento-importer allows... Moderate Unreviewed
CVE-2026-24996 was published Feb 3, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database