Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,951
Erlang
39
GitHub Actions
38
Go
2,607
Maven
5,000+
npm
4,251
NuGet
757
pip
4,017
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,582 advisories

Loading
Drupal Core Cross-Site Scripting (XSS) Vulnerability Low
CVE-2025-31675 was published for drupal/core (Composer) Apr 1, 2025
Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction Low
CVE-2024-39311 was published for publify_core (RubyGems) Mar 28, 2025
PinkDraconian
Credited to PinkDraconian
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources... Low Unreviewed
CVE-2025-2865 was published Mar 28, 2025
SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the... Low Unreviewed
CVE-2025-2864 was published Mar 28, 2025
Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW... Low Unreviewed
CVE-2025-27574 was published Mar 28, 2025
Django TomSelect incomplete escaping of dangerous characters in widget attributes Low
GHSA-785h-76cm-cpmf was published for django-tomselect (pip) Mar 26, 2025
pysean3
Credited to pysean3
The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its... Low Unreviewed
CVE-2024-12683 was published Mar 26, 2025
The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings,... Low Unreviewed
CVE-2025-1452 was published Mar 25, 2025
The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its... Low Unreviewed
CVE-2024-12769 was published Mar 25, 2025
The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which... Low Unreviewed
CVE-2024-13122 was published Mar 25, 2025
The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which... Low Unreviewed
CVE-2024-13123 was published Mar 25, 2025
The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape... Low Unreviewed
CVE-2024-10554 was published Mar 25, 2025
The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its... Low Unreviewed
CVE-2024-10560 was published Mar 25, 2025
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise... Low Unreviewed
CVE-2025-1203 was published Mar 24, 2025
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise... Low Unreviewed
CVE-2025-1062 was published Mar 24, 2025
The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its... Low Unreviewed
CVE-2024-10558 was published Mar 24, 2025
The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of... Low Unreviewed
CVE-2024-13124 was published Mar 24, 2025
Reflected XSS in go-httpbin due to unrestricted client control over Content-Type Low
GHSA-528q-4pgm-wvg2 was published for github.com/mccutchen/go-httpbin (Go) Mar 21, 2025
AyushXtha
Credited to AyushXtha
An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group... Low Unreviewed
CVE-2025-30345 was published Mar 21, 2025
LocalAI version v2.19.4 (af0545834fd565ab56af0b9348550ca9c3cb5349) contains a vulnerability where... Low Unreviewed
CVE-2024-9901 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2... Low Unreviewed
CVE-2024-10723 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. This... Low Unreviewed
CVE-2024-10725 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The... Low Unreviewed
CVE-2024-10722 was published Mar 20, 2025
A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0... Low Unreviewed
CVE-2024-10727 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2... Low Unreviewed
CVE-2024-10721 was published Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database