Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

34,836 advisories

Loading
The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... Moderate Unreviewed
CVE-2025-4594 was published May 23, 2025
A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of... Moderate Unreviewed
CVE-2024-5962 was published May 22, 2025
A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of... Moderate Unreviewed
CVE-2024-7103 was published May 22, 2025
Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser... Moderate Unreviewed
CVE-2024-13950 was published May 22, 2025
Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator creden-tials become... Moderate Unreviewed
CVE-2024-13958 was published May 22, 2025
IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could... Moderate Unreviewed
CVE-2025-33138 was published May 22, 2025
The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-4405 was published May 22, 2025
Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin High
CVE-2025-4123 was published for github.com/grafana/grafana (Go) May 22, 2025
The WooCommerce plugin for WordPress is vulnerable to PostMessage-Based Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-5062 was published May 22, 2025
A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0... Moderate Unreviewed
CVE-2025-45755 was published May 21, 2025
Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker... Moderate Unreviewed
CVE-2024-57529 was published May 21, 2025
Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the... High Unreviewed
CVE-2025-2261 was published May 21, 2025
The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored... Moderate Unreviewed
CVE-2025-4611 was published May 21, 2025
A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This... Moderate Unreviewed
CVE-2025-5013 was published May 21, 2025
The WP YouTube Video Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-4217 was published May 21, 2025
The DPEPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ... Moderate Unreviewed
CVE-2025-4219 was published May 21, 2025
The Animated Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2025-4221 was published May 21, 2025
The Network Posts Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-3750 was published May 21, 2025
The Raisely Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-3781 was published May 21, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-4415 was published May 21, 2025
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross... Moderate Unreviewed
CVE-2025-20246 was published May 21, 2025
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross... Moderate Unreviewed
CVE-2025-20247 was published May 21, 2025
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross... Moderate Unreviewed
CVE-2025-20250 was published May 21, 2025
A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability... Moderate Unreviewed
CVE-2025-45754 was published May 21, 2025
The Backup Plus extension for TYPO3 (ns_backup) allows XSS Low
CVE-2025-48206 was published for nitsan/ns-backup (Composer) May 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database