GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,718
Composer 4,743
Erlang 35
GitHub Actions 29
Go 2,318
Maven 5,601
npm 3,950
NuGet 711
pip 3,729
Pub 12
RubyGems 920
Rust 965
Swift 38

Unreviewed advisories

All unreviewed 257,707

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

30,316 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2025-4223 was published May 24, 2025

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2024-13427 was published May 24, 2025

The 4stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to... Moderate Unreviewed

CVE-2025-3869 was published May 24, 2025

The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable... Moderate Unreviewed

CVE-2025-5055 was published May 24, 2025

A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of... Moderate Unreviewed

CVE-2025-44998 was published May 23, 2025

A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards... Moderate Unreviewed

CVE-2024-51099 was published May 23, 2025

Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus... Moderate Unreviewed

CVE-2024-48704 was published May 23, 2025

DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline Moderate

CVE-2025-48378 was published for DotNetNuke.Core (NuGet) May 23, 2025

Reflected Cross-Site Scripting (XSS) in module actions in edit mode Moderate

CVE-2025-48377 was published for DotNetNuke.Core (NuGet) May 23, 2025

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus... Moderate Unreviewed

CVE-2024-51107 was published May 23, 2025

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates... Moderate Unreviewed

CVE-2024-51108 was published May 23, 2025

PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata... Moderate Unreviewed

CVE-2024-48702 was published May 23, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-46518 was published May 23, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-46493 was published May 23, 2025

Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS... Moderate Unreviewed

CVE-2025-3894 was published May 23, 2025

DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS).... Moderate Unreviewed

CVE-2025-4379 was published May 23, 2025

The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2025-5096 was published May 23, 2025

The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... Moderate Unreviewed

CVE-2025-4594 was published May 23, 2025

A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of... Moderate Unreviewed

CVE-2024-5962 was published May 22, 2025

Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser... Moderate Unreviewed

CVE-2024-13950 was published May 22, 2025

Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator creden-tials become... Moderate Unreviewed

CVE-2024-13958 was published May 22, 2025

A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of... Moderate Unreviewed

CVE-2024-7103 was published May 22, 2025

IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could... Moderate Unreviewed

CVE-2025-33138 was published May 22, 2025

The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2025-4405 was published May 22, 2025

The WooCommerce plugin for WordPress is vulnerable to PostMessage-Based Cross-Site Scripting via... Moderate Unreviewed

CVE-2025-5062 was published May 22, 2025

Previous 1 2 3 4 5 6 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

30,316 advisories