Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

30,284 advisories

Loading
A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by... Moderate Unreviewed
CVE-2025-5383 was published May 31, 2025
A vulnerability was found in Astun Technology iShare Maps 5.4.0. It has been rated as problematic... Moderate Unreviewed
CVE-2025-5377 was published May 31, 2025
A vulnerability classified as problematic has been found in Astun Technology iShare Maps 5.4.0.... Moderate Unreviewed
CVE-2025-5378 was published May 31, 2025
The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's... Moderate Unreviewed
CVE-2025-4595 was published May 31, 2025
The Borderless – Elementor Addons and Templates plugin for WordPress is vulnerable to Stored... Moderate Unreviewed
CVE-2025-5290 was published May 31, 2025
The Product Subtitle for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-5285 was published May 31, 2025
The Daisycon prijsvergelijkers plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-4590 was published May 31, 2025
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-3813 was published May 31, 2025
The Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks,... Moderate Unreviewed
CVE-2025-5292 was published May 31, 2025
The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-5016 was published May 31, 2025
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-4944 was published May 30, 2025
The OpenSheetMusicDisplay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-5235 was published May 30, 2025
The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-5236 was published May 30, 2025
Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user... Moderate Unreviewed
CVE-2025-41406 was published May 30, 2025
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-4943 was published May 30, 2025
The Minimal Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-5259 was published May 30, 2025
The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-5122 was published May 29, 2025
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-5286 was published May 29, 2025
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress... Moderate Unreviewed
CVE-2025-4670 was published May 29, 2025
The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-4583 was published May 29, 2025
CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute... Moderate Unreviewed
CVE-2025-27706 was published May 28, 2025
Improper neutralization of the value of the 'eventMoreText' property of the 'VCalendar' component... Moderate Unreviewed
CVE-2025-1461 was published May 28, 2025
Chrome PHP is missing encoding in `CssSelector` Moderate
CVE-2025-48883 was published for chrome-php/chrome (Composer) May 28, 2025
divinity76 GrahamCampbell
enricodias
Reflected Cross-Site Scripting (XSS) vulnerability in Real Easy Store. This vulnerability allows... Moderate Unreviewed
CVE-2025-40651 was published May 28, 2025
The WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File... Moderate Unreviewed
CVE-2025-4963 was published May 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database