Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,652
Erlang
34
GitHub Actions
26
Go
2,257
Maven
5,000+
npm
3,909
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

118,965 advisories

Loading
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46467 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46479 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46260 was published Apr 24, 2025
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager allows Accessing... Moderate Unreviewed
CVE-2025-39390 was published Apr 24, 2025
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Heateor Support Sassy Social... Moderate Unreviewed
CVE-2025-39404 was published Apr 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Sebastian Echeverry SCSS-Library allows Cross... Moderate Unreviewed
CVE-2025-46436 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46261 was published Apr 24, 2025
Missing Authorization vulnerability in VW Themes Sirat allows Exploiting Incorrectly Configured... Moderate Unreviewed
CVE-2025-39385 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46438 was published Apr 24, 2025
Improper access control of endpoint in HCL Leap allows certain admin users to import applications... Moderate Unreviewed
CVE-2024-30148 was published Apr 24, 2025
A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly... Moderate Unreviewed
CVE-2025-46421 was published Apr 24, 2025
A flaw was found in libsoup. It is vulnerable to memory leaks in the... Moderate Unreviewed
CVE-2025-46420 was published Apr 24, 2025
Denial of service due to allocation of resources without limits. The following products are... Moderate Unreviewed
CVE-2025-30409 was published Apr 24, 2025
Local privilege escalation due to insecure folder permissions. The following products are... Moderate Unreviewed
CVE-2025-30408 was published Apr 24, 2025
A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System... Moderate Unreviewed
CVE-2025-29568 was published Apr 24, 2025
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in ... Moderate Unreviewed
CVE-2025-44135 was published Apr 24, 2025
A vulnerability was found in Code-Projects Online Class and Exam Scheduling System 1.0 in the... Moderate Unreviewed
CVE-2025-44134 was published Apr 24, 2025
Due to improper authentication mechanism an unauthenticated remote attacker can enumerate valid... Moderate Unreviewed
CVE-2021-47664 was published Apr 24, 2025
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-3832 was published Apr 24, 2025
The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account... Moderate Unreviewed
CVE-2025-3793 was published Apr 24, 2025
The Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) plugin for... Moderate Unreviewed
CVE-2025-1284 was published Apr 24, 2025
The ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin for WordPress is... Moderate Unreviewed
CVE-2025-3280 was published Apr 24, 2025
The Lottie Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File... Moderate Unreviewed
CVE-2025-2579 was published Apr 24, 2025
The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized... Moderate Unreviewed
CVE-2024-13307 was published Apr 24, 2025
The Advanced Accordion Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-2543 was published Apr 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database