GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
118,977 advisories
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution ...
Moderate
Unreviewed
CVE-2025-3775
was published
Apr 25, 2025
CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the...
Moderate
Unreviewed
CVE-2025-46599
was published
Apr 25, 2025
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2025-3923
was published
Apr 25, 2025
The Able Player, accessible HTML5 media player plugin for WordPress is vulnerable to Stored Cross...
Moderate
Unreviewed
CVE-2025-3752
was published
Apr 25, 2025
Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric...
Moderate
Unreviewed
CVE-2025-3511
was published
Apr 25, 2025
The Contact Form by Bit Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate
Unreviewed
CVE-2025-2580
was published
Apr 25, 2025
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2025-3861
was published
Apr 25, 2025
In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new...
Moderate
Unreviewed
CVE-2025-46544
was published
Apr 25, 2025
An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a...
Moderate
Unreviewed
CVE-2025-46595
was published
Apr 25, 2025
In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for...
Moderate
Unreviewed
CVE-2025-46545
was published
Apr 25, 2025
In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with...
Moderate
Unreviewed
CVE-2025-46547
was published
Apr 25, 2025
The Breeze Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2025-3749
was published
Apr 25, 2025
Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed...
Moderate
Unreviewed
CVE-2022-44759
was published
Apr 24, 2025
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in...
Moderate
Unreviewed
CVE-2022-44760
was published
Apr 24, 2025
Missing Authorization vulnerability in Michael Revellin-Clerc Media Library Downloader allows...
Moderate
Unreviewed
CVE-2025-46519
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46533
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46534
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46517
was published
Apr 24, 2025
Server-Side Request Forgery (SSRF) vulnerability in Ankur Vishwakarma WP AVCL Automation Helper ...
Moderate
Unreviewed
CVE-2025-46531
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46521
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46529
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46532
was published
Apr 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite allows...
Moderate
Unreviewed
CVE-2025-46513
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46509
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46523
was published
Apr 24, 2025
ProTip! Advisories are also available from the GraphQL API