Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,706
Erlang
34
GitHub Actions
28
Go
2,292
Maven
5,000+
npm
3,942
NuGet
708
pip
3,711
Pub
12
RubyGems
919
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

30,939 advisories

Loading
A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. This... Moderate Unreviewed
CVE-2025-5011 was published May 21, 2025
A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected... Moderate Unreviewed
CVE-2025-5007 was published May 21, 2025
A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This... Moderate Unreviewed
CVE-2025-5010 was published May 21, 2025
A vulnerability, which was classified as problematic, has been found in Intelbras RF 301K 1.1.5.... Moderate Unreviewed
CVE-2025-4996 was published May 20, 2025
The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before... Moderate Unreviewed
CVE-2024-13634 was published May 20, 2025
The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before... Moderate Unreviewed
CVE-2024-13678 was published May 20, 2025
The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before... Moderate Unreviewed
CVE-2024-13669 was published May 20, 2025
The pushBIZ WordPress plugin through 1.0 does not sanitise and escape a parameter before... Moderate Unreviewed
CVE-2024-13629 was published May 20, 2025
The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before... Moderate Unreviewed
CVE-2024-13630 was published May 20, 2025
The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter... High Unreviewed
CVE-2024-13633 was published May 20, 2025
The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape... Moderate Unreviewed
CVE-2024-10563 was published May 20, 2025
The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not... Moderate Unreviewed
CVE-2024-12737 was published May 20, 2025
In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible Moderate Unreviewed
CVE-2025-47852 was published May 20, 2025
In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible Moderate Unreviewed
CVE-2025-47853 was published May 20, 2025
In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible Moderate Unreviewed
CVE-2025-47851 was published May 20, 2025
VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to... Moderate Unreviewed
CVE-2025-41228 was published May 20, 2025
A Stored Cross-Site Scripting (XSS) vulnerability has been found in Koibox for versions prior to... Moderate Unreviewed
CVE-2025-40633 was published May 20, 2025
Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site... Moderate Unreviewed
CVE-2025-4951 was published May 20, 2025
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's... Moderate Unreviewed
CVE-2024-5878 was published May 20, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-39365 was published May 19, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-39372 was published May 19, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-39392 was published May 19, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-39393 was published May 19, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-31027 was published May 19, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-43832 was published May 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database