GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,395
Composer 4,950
Erlang 39
GitHub Actions 38
Go 2,603
Maven 6,053
npm 4,250
NuGet 755
pip 4,013
Pub 12
RubyGems 953
Rust 1,048
Swift 45

Unreviewed advisories

All unreviewed 274,768

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

33,908 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability... Moderate Unreviewed

CVE-2025-60936 was published Oct 24, 2025

SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try... Moderate Unreviewed

CVE-2025-5350 was published Oct 24, 2025

The Simple Excel Pricelist for WooCommerce plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed

CVE-2025-12096 was published Oct 24, 2025

The qnotsquiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2025-12016 was published Oct 24, 2025

The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting... Moderate Unreviewed

CVE-2025-12017 was published Oct 24, 2025

The Time Clock – A WordPress Employee & Volunteer Time Clock Plugin for WordPress is vulnerable... Moderate Unreviewed

CVE-2025-10701 was published Oct 24, 2025

Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which... Moderate Unreviewed

CVE-2025-58070 was published Oct 24, 2025

The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation... Moderate Unreviewed

CVE-2025-9158 was published Oct 24, 2025

Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments... Moderate Unreviewed

CVE-2025-61931 was published Oct 24, 2025

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2025-7730 was published Oct 24, 2025

Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to... Moderate Unreviewed

CVE-2025-60859 was published Oct 23, 2025

Cross site scripting (XSS) vulnerability in 17gz International Student service system 1.0 allows... Moderate Unreviewed

CVE-2025-57240 was published Oct 23, 2025

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks,... Moderate Unreviewed

CVE-2025-53701 was published Oct 23, 2025

Cross site scripting (XSS) vulnerability in KeeneticOS before 4.3 at "Wireless ISP" page allows... Moderate Unreviewed

CVE-2025-56008 was published Oct 23, 2025

Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an... Moderate Unreviewed

CVE-2025-1679 was published Oct 23, 2025

The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed

CVE-2025-8427 was published Oct 23, 2025

QuickCMS is vulnerable to multiple Stored XSS in page editor functionality (pages-form).... Moderate Unreviewed

CVE-2025-9980 was published Oct 23, 2025

QuickCMS is vulnerable to multiple Stored XSS in slider editor functionality (sliders-form).... Moderate Unreviewed

CVE-2025-9981 was published Oct 23, 2025

Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd,... Moderate Unreviewed

CVE-2025-40643 was published Oct 23, 2025

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed

CVE-2025-10727 was published Oct 23, 2025

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed

CVE-2025-10914 was published Oct 23, 2025

Movable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of... Moderate Unreviewed

CVE-2025-62499 was published Oct 23, 2025

GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert... Moderate Unreviewed

CVE-2025-54806 was published Oct 23, 2025

Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If... Moderate Unreviewed

CVE-2025-54856 was published Oct 23, 2025

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed

CVE-2025-62659 was published Oct 22, 2025

Previous1…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

33,908 advisories