GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,682 advisories
VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious...
High
Unreviewed
CVE-2025-22249
was published
May 13, 2025
Cross-Site Scripting vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker...
High
Unreviewed
CVE-2025-29152
was published
May 7, 2025
Graylog Allows Session Takeover via Insufficient HTML Sanitization
High
CVE-2025-46827
was published
for
org.graylog2:graylog2-server
(Maven)
May 7, 2025
Graylog Allows Stored Cross-Site Scripting via Files Plugin and API Browser
High
GHSA-q9q2-3ppx-mwqf
was published
for
org.graylog2:graylog2-server
(Maven)
May 7, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2025-0667
was published
May 7, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2025-0666
was published
May 7, 2025
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page...
High
Unreviewed
CVE-2025-0984
was published
May 6, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2025-1301
was published
May 2, 2025
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection...
High
Unreviewed
CVE-2023-37535
was published
May 1, 2025
YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting
High
CVE-2025-46349
was published
for
yeswiki/yeswiki
(Composer)
Apr 29, 2025
The TheCartPress boot-store (aka Boot Store) theme 1.6.4 for WordPress allows header.php...
High
Unreviewed
CVE-2015-4582
was published
Apr 28, 2025
Karaz Karazal through 2025-04-14 allows reflected XSS via the lang parameter to the default URI.
High
Unreviewed
CVE-2025-46657
was published
Apr 27, 2025
The eForm - WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site...
High
Unreviewed
CVE-2025-1294
was published
Apr 25, 2025
Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters.
High
Unreviewed
CVE-2023-37534
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2025-46502
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2025-46499
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2025-46478
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2025-46449
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2025-39400
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2025-39408
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2025-39397
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2025-39382
was published
Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2025-46234
was published
Apr 24, 2025
Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This...
High
Unreviewed
CVE-2025-2767
was published
Apr 23, 2025
The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter...
High
Unreviewed
CVE-2024-13569
was published
Apr 22, 2025