GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,908
Erlang: 39
GitHub Actions: 38
Go: 2,568
Maven: 5,000+
npm: 4,240
NuGet: 754
pip: 4,004
Pub: 12
RubyGems: 953
Rust: 1,042
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
129,450 advisories
Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in...
Moderate
Unreviewed
CVE-2025-61539 was published Oct 16, 2025
An insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11...
Moderate
Unreviewed
CVE-2025-46752 was published Oct 16, 2025
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to...
Moderate
Unreviewed
CVE-2025-9955 was published Oct 16, 2025
An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in...
Moderate
Unreviewed
CVE-2025-53950 was published Oct 16, 2025
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability ...
Moderate
Unreviewed
CVE-2025-53951 was published Oct 16, 2025
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow...
Moderate
Unreviewed
CVE-2025-54859 was published Oct 16, 2025
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow...
Moderate
Unreviewed
CVE-2025-55072 was published Oct 16, 2025
desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an...
Moderate
Unreviewed
CVE-2025-58426 was published Oct 16, 2025
Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9...
Moderate
Unreviewed
CVE-2025-58079 was published Oct 16, 2025
Stored cross-site scripting (XSS) vulnerability in desknet's NEO versions V4.0R1.0–V9.0R2.0 allow...
Moderate
Unreviewed
CVE-2025-24833 was published Oct 16, 2025
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow...
Moderate
Unreviewed
CVE-2025-54760 was published Oct 16, 2025
Reflected cross-site scripting (XSS) vulnerability in desknet's Web Server allows execution of...
Moderate
Unreviewed
CVE-2025-52583 was published Oct 16, 2025
Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, consisting of a stored XSS due to a...
Moderate
Unreviewed
CVE-2025-41021 was published Oct 16, 2025
HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the...
Moderate
Unreviewed
CVE-2025-0277 was published Oct 16, 2025
HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure...
Moderate
Unreviewed
CVE-2025-0276 was published Oct 16, 2025
The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due...
Moderate
Unreviewed
CVE-2025-10849 was published Oct 16, 2025
ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited, an arbitrary...
Moderate
Unreviewed
CVE-2025-53858 was published Oct 16, 2025
ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of...
Moderate
Unreviewed
CVE-2025-54461 was published Oct 16, 2025
ChatLuck contains a cross-site scripting vulnerability in Guest User Sign-up. If exploited, an...
Moderate
Unreviewed
CVE-2025-58115 was published Oct 16, 2025
HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can...
Moderate
Unreviewed
CVE-2025-0275 was published Oct 16, 2025
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2025-11814 was published Oct 16, 2025
HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control....
Moderate
Unreviewed
CVE-2025-0274 was published Oct 16, 2025
The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request...
Moderate
Unreviewed
CVE-2025-10700 was published Oct 16, 2025
YAML::Syck versions before 1.36 for Perl have missing null-terminators, which causes out-of-bounds...
Moderate
Unreviewed
CVE-2025-11683 was published Oct 16, 2025
The issue was resolved by not loading remote images. This issue is fixed in iOS 18.6 and iPadOS 18...
Moderate
Unreviewed
CVE-2025-43280 was published Oct 15, 2025
ProTip! Advisories are also available from the GraphQL API.