Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,530 advisories

Loading
The Backup Plus extension for TYPO3 (ns_backup) allows XSS Low
CVE-2025-48206 was published for nitsan/ns-backup (Composer) May 21, 2025
Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized... Low Unreviewed
CVE-2025-1420 was published May 21, 2025
Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high... Low Unreviewed
CVE-2025-1419 was published May 21, 2025
LibreNMS stored Cross-site Scripting vulnerability in poller group name Low
CVE-2025-47931 was published for librenms/librenms (Composer) May 19, 2025
Fewword
Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability... Low Unreviewed
CVE-2025-40632 was published May 16, 2025
Trix vulnerable to Cross-site Scripting on copy & paste Low
CVE-2025-46812 was published for trix (npm) May 8, 2025
Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper... Low Unreviewed
CVE-2025-23379 was published May 6, 2025
The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings,... Low Unreviewed
CVE-2025-3583 was published May 5, 2025
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form... Low Unreviewed
CVE-2025-3513 was published May 2, 2025
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form... Low Unreviewed
CVE-2025-3514 was published May 2, 2025
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings,... Low Unreviewed
CVE-2025-3502 was published May 1, 2025
The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of... Low Unreviewed
CVE-2024-13381 was published May 1, 2025
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings,... Low Unreviewed
CVE-2025-3504 was published May 1, 2025
YesWiki Stored XSS Vulnerability in Comments Low
CVE-2025-46346 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
pizza-power
Yeswiki Vulnerable to Authenticated Reflected Cross-site Scripting Low
CVE-2025-46350 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
masquerad3r
The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of... Low Unreviewed
CVE-2024-12273 was published Apr 29, 2025
The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings... Low Unreviewed
CVE-2024-9771 was published Apr 28, 2025
The WordPress Tag, Category, and Taxonomy Manager WordPress plugin before 3.30.0 does not... Low Unreviewed
CVE-2025-0627 was published Apr 28, 2025
Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a... Low Unreviewed
CVE-2024-52887 was published Apr 27, 2025
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab Low Unreviewed
CVE-2025-46618 was published Apr 25, 2025
Insufficient sanitization in HCL Leap allows client-side script injection in the authoring... Low Unreviewed
CVE-2024-30114 was published Apr 24, 2025
OpenCMS Cross-Site Scripting vulnerability Low
CVE-2024-42699 was published for org.opencms:opencms-core (Maven) Apr 21, 2025
An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA... Low Unreviewed
CVE-2025-3840 was published Apr 21, 2025
The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its... Low Unreviewed
CVE-2025-1524 was published Apr 17, 2025
The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its... Low Unreviewed
CVE-2025-1523 was published Apr 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database