GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,530 advisories
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form...
Low | Unreviewed | CVE-2025-3513 was published May 2, 2025

The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form...
Low | Unreviewed | CVE-2025-3514 was published May 2, 2025

The Simple Video Management System WordPress plugin through 1.0.4 does not sanitise and escape...
Low | Unreviewed | CVE-2025-0692 was published Feb 13, 2025

The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its...
Low | Unreviewed | CVE-2024-13125 was published Feb 13, 2025

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile &...
Low | Unreviewed | CVE-2024-13121 was published Feb 13, 2025

The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings,...
Low | Unreviewed | CVE-2024-3920 was published May 23, 2024

The Backup Plus extension for TYPO3 (ns_backup) allows XSS
Low | CVE-2025-48206 was published for nitsan/ns-backup (Composer) May 21, 2025

Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized...
Low | Unreviewed | CVE-2025-1420 was published May 21, 2025

Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high...
Low | Unreviewed | CVE-2025-1419 was published May 21, 2025

LibreNMS stored Cross-site Scripting vulnerability in poller group name
Low | CVE-2025-47931 was published for librenms/librenms (Composer) May 19, 2025

Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability...
Low | Unreviewed | CVE-2025-40632 was published May 16, 2025

The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape...
Low | Unreviewed | CVE-2024-10554 was published Mar 25, 2025

The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and...
Low | Unreviewed | CVE-2024-10545 was published Feb 25, 2025

The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings...
Low | Unreviewed | CVE-2024-10710 was published Nov 25, 2024

The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its...
Low | Unreviewed | CVE-2024-2220 was published May 23, 2024

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not...
Low | Unreviewed | CVE-2024-10102 was published Jan 7, 2025

The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of...
Low | Unreviewed | CVE-2024-13124 was published Mar 24, 2025

The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings...
Low | Unreviewed | CVE-2024-13116 was published Jan 27, 2025

The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its...
Low | Unreviewed | CVE-2024-10558 was published Mar 24, 2025

The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings,...
Low | Unreviewed | CVE-2024-3628 was published May 7, 2024

Trix vulnerable to Cross-site Scripting on copy & paste
Low | CVE-2025-46812 was published for trix (npm) May 8, 2025

The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat,...
Low | Unreviewed | CVE-2024-2972 was published Apr 24, 2024

The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.8.9 does not...
Low | Unreviewed | CVE-2024-2118 was published Apr 17, 2024

The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its...
Low | Unreviewed | CVE-2024-10562 was published Jan 7, 2025

The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of...
Low | Unreviewed | CVE-2024-13381 was published May 1, 2025