Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,652
Erlang
34
GitHub Actions
26
Go
2,257
Maven
5,000+
npm
3,909
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

118,965 advisories

Loading
Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed... Moderate Unreviewed
CVE-2022-44759 was published Apr 24, 2025
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in... Moderate Unreviewed
CVE-2022-44760 was published Apr 24, 2025
Missing Authorization vulnerability in Michael Revellin-Clerc Media Library Downloader allows... Moderate Unreviewed
CVE-2025-46519 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46533 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46534 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46517 was published Apr 24, 2025
Server-Side Request Forgery (SSRF) vulnerability in Ankur Vishwakarma WP AVCL Automation Helper ... Moderate Unreviewed
CVE-2025-46531 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46521 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46529 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46532 was published Apr 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite allows... Moderate Unreviewed
CVE-2025-46513 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46509 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46523 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46525 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46538 was published Apr 24, 2025
Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and... Moderate Unreviewed
CVE-2024-30147 was published Apr 24, 2025
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed... Moderate Unreviewed
CVE-2024-30113 was published Apr 24, 2025
Insufficient default configuration in HCL Leap allows anonymous access to directory information. Moderate Unreviewed
CVE-2023-45720 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46541 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46542 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46540 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46536 was published Apr 24, 2025
Missing Authorization vulnerability in vinodvaswani9 Bulk Assign Linked Products For WooCommerce... Moderate Unreviewed
CVE-2025-46489 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46484 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46483 was published Apr 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database