GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,713
Composer 4,743
Erlang 35
GitHub Actions 29
Go 2,315
Maven 5,600
npm 3,949
NuGet 711
pip 3,729
Pub 12
RubyGems 920
Rust 965
Swift 38

Unreviewed advisories

All unreviewed 257,525

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

34,843 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The Animated Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed

CVE-2025-4221 was published May 21, 2025

A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross... Moderate Unreviewed

CVE-2025-20250 was published May 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-4415 was published May 21, 2025

A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross... Moderate Unreviewed

CVE-2025-20247 was published May 21, 2025

A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross... Moderate Unreviewed

CVE-2025-20246 was published May 21, 2025

A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability... Moderate Unreviewed

CVE-2025-45754 was published May 21, 2025

The Backup Plus extension for TYPO3 (ns_backup) allows XSS Low

CVE-2025-48206 was published for nitsan/ns-backup (Composer) May 21, 2025

[clickstorm] SEO (cs_seo) TYPO3 extension Cross-site Scripting (XSS) vulnerability Moderate

CVE-2025-48203 was published for clickstorm/cs-seo (Composer) May 21, 2025

Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized... Low Unreviewed

CVE-2025-1420 was published May 21, 2025

Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high... Low Unreviewed

CVE-2025-1419 was published May 21, 2025

A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected... Moderate Unreviewed

CVE-2025-5007 was published May 21, 2025

A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. This... Moderate Unreviewed

CVE-2025-5011 was published May 21, 2025

A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This... Moderate Unreviewed

CVE-2025-5010 was published May 21, 2025

A vulnerability, which was classified as problematic, has been found in Intelbras RF 301K 1.1.5.... Moderate Unreviewed

CVE-2025-4996 was published May 20, 2025

The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before... Moderate Unreviewed

CVE-2024-13678 was published May 20, 2025

The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before... Moderate Unreviewed

CVE-2024-13669 was published May 20, 2025

The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before... Moderate Unreviewed

CVE-2024-13634 was published May 20, 2025

The pushBIZ WordPress plugin through 1.0 does not sanitise and escape a parameter before... Moderate Unreviewed

CVE-2024-13629 was published May 20, 2025

The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter... High Unreviewed

CVE-2024-13633 was published May 20, 2025

The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before... Moderate Unreviewed

CVE-2024-13630 was published May 20, 2025

The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not... Moderate Unreviewed

CVE-2024-12737 was published May 20, 2025

The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape... Moderate Unreviewed

CVE-2024-10563 was published May 20, 2025

In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible Moderate Unreviewed

CVE-2025-47852 was published May 20, 2025

In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible Moderate Unreviewed

CVE-2025-47851 was published May 20, 2025

In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible Moderate Unreviewed

CVE-2025-47853 was published May 20, 2025

Previous 1 2 3 4 5 6 7 8 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

34,843 advisories