Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

362 advisories

Loading
eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to... Critical Unreviewed
CVE-2026-26369 was published Feb 15, 2026
The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less... Critical Unreviewed
CVE-2025-8572 was published Feb 14, 2026
The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all... Critical Unreviewed
CVE-2025-15027 was published Feb 8, 2026
The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset... Critical Unreviewed
CVE-2025-15030 was published Feb 2, 2026
Kyverno Cross-Namespace Privilege Escalation via Policy apiCall Critical
CVE-2026-22039 was published for github.com/kyverno/kyverno (Go) Jan 27, 2026
thevilledev
Credited to thevilledev
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User... Critical Unreviewed
CVE-2026-0920 was published Jan 22, 2026
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation... Critical Unreviewed
CVE-2025-14533 was published Jan 20, 2026
The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions... Critical Unreviewed
CVE-2025-15403 was published Jan 17, 2026
The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs.... Critical Unreviewed
CVE-2026-22238 was published Jan 14, 2026
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in... Critical Unreviewed
CVE-2025-14736 was published Jan 9, 2026
The Flex Store Users plugin for WordPress is vulnerable to Privilege Escalation in all versions... Critical Unreviewed
CVE-2025-13619 was published Dec 20, 2025
An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 before 25... Critical Unreviewed
CVE-2025-67793 was published Dec 17, 2025
An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1... Critical Unreviewed
CVE-2025-67781 was published Dec 17, 2025
The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to... Critical Unreviewed
CVE-2025-13764 was published Dec 11, 2025
The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions... Critical Unreviewed
CVE-2025-13542 was published Dec 2, 2025
The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through... Critical Unreviewed
CVE-2025-59693 was published Dec 2, 2025
The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions... Critical Unreviewed
CVE-2025-13540 was published Nov 27, 2025
The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up... Critical Unreviewed
CVE-2025-13538 was published Nov 27, 2025
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and... Critical Unreviewed
CVE-2025-13675 was published Nov 27, 2025
The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the ... Critical Unreviewed
CVE-2025-66266 was published Nov 26, 2025
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged... Critical Unreviewed
CVE-2025-33187 was published Nov 25, 2025
The EduKart Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to,... Critical Unreviewed
CVE-2025-13559 was published Nov 25, 2025
A missing validation process exists in Serv U when abused, could give a malicious actor with... Critical Unreviewed
CVE-2025-40548 was published Nov 18, 2025
The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress... Critical Unreviewed
CVE-2025-11457 was published Nov 11, 2025
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with... Critical Unreviewed
CVE-2025-46364 was published Nov 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database