Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,669
Erlang
34
GitHub Actions
26
Go
2,261
Maven
5,000+
npm
3,910
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

34,000 advisories

Loading
A cross-site scripting vulnerability was reported in the FileZ client that could allow execution... Moderate Unreviewed
CVE-2025-2069 was published Apr 25, 2025
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab Low Unreviewed
CVE-2025-46618 was published Apr 25, 2025
Moodle has reflected Cross-site Scripting risk in policy tool Moderate
CVE-2025-3643 was published for moodle/moodle (Composer) Apr 25, 2025
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This... Moderate Unreviewed
CVE-2025-2986 was published Apr 25, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46482 was published Apr 25, 2025
The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-3870 was published Apr 25, 2025
The Ajax Comment Form CST plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-3867 was published Apr 25, 2025
The Add Google +1 (Plus one) social share Button plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed
CVE-2025-3866 was published Apr 25, 2025
The Custom Admin-Bar Favorites plugin for WordPress is vulnerable to Reflected Cross-Site... Moderate Unreviewed
CVE-2025-3868 was published Apr 25, 2025
The Able Player, accessible HTML5 media player plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed
CVE-2025-3752 was published Apr 25, 2025
The Contact Form by Bit Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-2580 was published Apr 25, 2025
An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a... Moderate Unreviewed
CVE-2025-46595 was published Apr 25, 2025
In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for... Moderate Unreviewed
CVE-2025-46545 was published Apr 25, 2025
The eForm - WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site... High Unreviewed
CVE-2025-1294 was published Apr 25, 2025
The Breeze Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-3749 was published Apr 25, 2025
Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed... Moderate Unreviewed
CVE-2022-44759 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46533 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46534 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46517 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46521 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46529 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46532 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46509 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46523 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46525 was published Apr 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database