GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,350
Composer 4,652
Erlang 34
GitHub Actions 26
Go 2,257
Maven 5,512
npm 3,909
NuGet 704
pip 3,680
Pub 12
RubyGems 915
Rust 943
Swift 38

Unreviewed advisories

All unreviewed 253,217

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

98,900 advisories

Filter by severity

Sort by

Least recently updated

Cross-Site Request Forgery (CSRF) vulnerability in felixtz Modern Polls allows Stored XSS. This... High Unreviewed

CVE-2025-46466 was published Apr 24, 2025

Deserialization of Untrusted Data vulnerability in djjmz Social Counter allows Object Injection.... High Unreviewed

CVE-2025-46473 was published Apr 24, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed

CVE-2025-46478 was published Apr 24, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed

CVE-2025-39408 was published Apr 24, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This... High Unreviewed

CVE-2025-39381 was published Apr 24, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed

CVE-2025-39360 was published Apr 24, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed

CVE-2025-39379 was published Apr 24, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed

CVE-2025-39359 was published Apr 24, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed

CVE-2025-39377 was published Apr 24, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed

CVE-2025-39384 was published Apr 24, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting allows Stored... High Unreviewed

CVE-2025-46435 was published Apr 24, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed

CVE-2025-39383 was published Apr 24, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed

CVE-2025-39399 was published Apr 24, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed

CVE-2025-39378 was published Apr 24, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed

CVE-2025-39391 was published Apr 24, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed

CVE-2025-39387 was published Apr 24, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed

CVE-2025-39382 was published Apr 24, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed

CVE-2025-39400 was published Apr 24, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed

CVE-2025-46234 was published Apr 24, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed

CVE-2025-46230 was published Apr 24, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Plugin Central allows Path... High Unreviewed

CVE-2025-46439 was published Apr 24, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed

CVE-2025-39397 was published Apr 24, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed

CVE-2025-32921 was published Apr 24, 2025

Due to missing authorization an unauthenticated remote attacker can cause a DoS attack by... High Unreviewed

CVE-2021-47662 was published Apr 24, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed

CVE-2025-3872 was published Apr 24, 2025

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

98,900 advisories