Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,310
Maven
5,000+
npm
3,949
NuGet
711
pip
3,728
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

34,809 advisories

Loading
An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content... High Unreviewed
CVE-2025-1763 was published May 30, 2025
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-4944 was published May 30, 2025
The OpenSheetMusicDisplay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-5235 was published May 30, 2025
The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-5236 was published May 30, 2025
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-4943 was published May 30, 2025
Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user... Moderate Unreviewed
CVE-2025-41406 was published May 30, 2025
The Minimal Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-5259 was published May 30, 2025
The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-5122 was published May 29, 2025
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-5286 was published May 29, 2025
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress... Moderate Unreviewed
CVE-2025-4670 was published May 29, 2025
The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-4583 was published May 29, 2025
CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute... Moderate Unreviewed
CVE-2025-27706 was published May 28, 2025
Improper neutralization of the value of the 'eventMoreText' property of the 'VCalendar' component... Moderate Unreviewed
CVE-2025-1461 was published May 28, 2025
Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via... High Unreviewed
CVE-2025-30087 was published May 28, 2025
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an... High Unreviewed
CVE-2025-31500 was published May 28, 2025
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an... High Unreviewed
CVE-2025-31501 was published May 28, 2025
Argo CD allows cross-site scripting on repositories page Critical
CVE-2025-47933 was published for github.com/argoproj/argo-cd (Go) May 28, 2025
Ry0taK crenshaw-dev
Chrome PHP is missing encoding in `CssSelector` Moderate
CVE-2025-48883 was published for chrome-php/chrome (Composer) May 28, 2025
divinity76 GrahamCampbell
enricodias
Reflected Cross-Site Scripting (XSS) vulnerability in Real Easy Store. This vulnerability allows... Moderate Unreviewed
CVE-2025-40651 was published May 28, 2025
The WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File... Moderate Unreviewed
CVE-2025-4963 was published May 28, 2025
The WP Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-5082 was published May 28, 2025
IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site... Moderate Unreviewed
CVE-2024-45094 was published May 28, 2025
A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script... Moderate Unreviewed
CVE-2025-5198 was published May 27, 2025
code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) via... Moderate Unreviewed
CVE-2025-46173 was published May 27, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-3704 was published May 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database