Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

31,273 advisories

Loading
Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the... High Unreviewed
CVE-2025-2261 was published May 21, 2025
Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker... Moderate Unreviewed
CVE-2024-57529 was published May 21, 2025
The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored... Moderate Unreviewed
CVE-2025-4611 was published May 21, 2025
The DPEPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ... Moderate Unreviewed
CVE-2025-4219 was published May 21, 2025
The Network Posts Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-3750 was published May 21, 2025
The WP YouTube Video Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-4217 was published May 21, 2025
A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This... Moderate Unreviewed
CVE-2025-5013 was published May 21, 2025
The Raisely Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-3781 was published May 21, 2025
The Animated Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2025-4221 was published May 21, 2025
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross... Moderate Unreviewed
CVE-2025-20250 was published May 21, 2025
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross... Moderate Unreviewed
CVE-2025-20247 was published May 21, 2025
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross... Moderate Unreviewed
CVE-2025-20246 was published May 21, 2025
A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability... Moderate Unreviewed
CVE-2025-45754 was published May 21, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-4415 was published May 21, 2025
Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized... Low Unreviewed
CVE-2025-1420 was published May 21, 2025
Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high... Low Unreviewed
CVE-2025-1419 was published May 21, 2025
A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected... Moderate Unreviewed
CVE-2025-5007 was published May 21, 2025
A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. This... Moderate Unreviewed
CVE-2025-5011 was published May 21, 2025
A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This... Moderate Unreviewed
CVE-2025-5010 was published May 21, 2025
A vulnerability, which was classified as problematic, has been found in Intelbras RF 301K 1.1.5.... Moderate Unreviewed
CVE-2025-4996 was published May 20, 2025
The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before... Moderate Unreviewed
CVE-2024-13678 was published May 20, 2025
The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before... Moderate Unreviewed
CVE-2024-13669 was published May 20, 2025
The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before... Moderate Unreviewed
CVE-2024-13634 was published May 20, 2025
The pushBIZ WordPress plugin through 1.0 does not sanitise and escape a parameter before... Moderate Unreviewed
CVE-2024-13629 was published May 20, 2025
The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter... High Unreviewed
CVE-2024-13633 was published May 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database