GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,652
Erlang: 34
GitHub Actions: 26
Go: 2,257
Maven: 5,000+
npm: 3,909
NuGet: 704
pip: 3,680
Pub: 12
RubyGems: 915
Rust: 943
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
33,991 advisories
The Contact Form by Bit Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate
Unreviewed
CVE-2025-2580
was published
Apr 25, 2025
The Able Player, accessible HTML5 media player plugin for WordPress is vulnerable to Stored Cross...
Moderate
Unreviewed
CVE-2025-3752
was published
Apr 25, 2025
An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a...
Moderate
Unreviewed
CVE-2025-46595
was published
Apr 25, 2025
In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for...
Moderate
Unreviewed
CVE-2025-46545
was published
Apr 25, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-3900
was published
Apr 23, 2025
The Breeze Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2025-3749
was published
Apr 25, 2025
The eForm - WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site...
High
Unreviewed
CVE-2025-1294
was published
Apr 25, 2025
In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and...
Moderate
Unreviewed
CVE-2022-38801
was published
Nov 30, 2022
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave,...
Moderate
Unreviewed
CVE-2022-38803
was published
Nov 30, 2022
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign,...
Moderate
Unreviewed
CVE-2022-38802
was published
Nov 30, 2022
Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed...
Moderate
Unreviewed
CVE-2022-44759
was published
Apr 24, 2025
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to...
Moderate
Unreviewed
CVE-2023-41425
was published
Nov 14, 2023
A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System...
Moderate
Unreviewed
CVE-2025-29568
was published
Apr 24, 2025
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net:...
Moderate
Unreviewed
CVE-2022-46391
was published
Dec 4, 2022
Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters.
High
Unreviewed
CVE-2023-37534
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46533
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46534
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46517
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46521
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46529
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46532
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46523
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46525
was published
Apr 24, 2025
Insufficient sanitization in HCL Leap allows client-side script injection in the authoring...
Low
Unreviewed
CVE-2024-30114
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-46538
was published
Apr 24, 2025
ProTip! Advisories are also available from the GraphQL API.