GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
109,387 advisories
Filter by severity
The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate
Unreviewed
CVE-2023-2599
was published
Jun 9, 2023
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up...
Moderate
Unreviewed
CVE-2023-2891
was published
Jun 9, 2023
The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to...
Moderate
Unreviewed
CVE-2023-2764
was published
Jun 9, 2023
The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin...
Moderate
Unreviewed
CVE-2023-2584
was published
Jun 9, 2023
The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection...
Moderate
Unreviewed
CVE-2023-2484
was published
Jun 9, 2023
The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions...
Moderate
Unreviewed
CVE-2023-2526
was published
Jun 9, 2023
The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate
Unreviewed
CVE-2023-2452
was published
Jun 9, 2023
The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross...
Moderate
Unreviewed
CVE-2023-2450
was published
Jun 9, 2023
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is...
Moderate
Unreviewed
CVE-2023-2414
was published
Jun 9, 2023
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2023-2305
was published
Jun 9, 2023
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and...
Moderate
Unreviewed
CVE-2023-2280
was published
Jun 9, 2023
The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions...
Moderate
Unreviewed
CVE-2023-2087
was published
Jun 9, 2023
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due...
Moderate
Unreviewed
CVE-2023-2085
was published
Jun 9, 2023
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due...
Moderate
Unreviewed
CVE-2023-2086
was published
Jun 9, 2023
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due...
Moderate
Unreviewed
CVE-2023-2084
was published
Jun 9, 2023
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due...
Moderate
Unreviewed
CVE-2023-2083
was published
Jun 9, 2023
The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected...
Moderate
Unreviewed
CVE-2023-1978
was published
Jun 9, 2023
The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate
Unreviewed
CVE-2023-2031
was published
Jun 9, 2023
The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...
Moderate
Unreviewed
CVE-2023-1917
was published
Jun 9, 2023
The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in...
Moderate
Unreviewed
CVE-2023-1889
was published
Jun 9, 2023
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized...
Moderate
Unreviewed
CVE-2023-1843
was published
Jun 9, 2023
The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to...
Moderate
Unreviewed
CVE-2023-1404
was published
Jun 9, 2023
The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via...
Moderate
Unreviewed
CVE-2023-1615
was published
Jun 9, 2023
The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to...
Moderate
Unreviewed
CVE-2023-1403
was published
Jun 9, 2023
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in...
Moderate
Unreviewed
CVE-2023-1375
was published
Jun 9, 2023
ProTip!
Advisories are also available from the
GraphQL API