GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,757
Erlang: 35
GitHub Actions: 29
Go: 2,327
Maven: 5,000+
npm: 3,960
NuGet: 712
pip: 3,741
Pub: 12
RubyGems: 921
Rust: 973
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
2,703 advisories
The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because...
High | Unreviewed | CVE-2024-57783 was published Jun 2, 2025

The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site...
High | Unreviewed | CVE-2025-4224 was published Jun 3, 2025

The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is...
High | Unreviewed | CVE-2025-4392 was published Jun 3, 2025

QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based...
High | Unreviewed | CVE-2023-51063 was published Jan 13, 2024

[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to ...
High | Unreviewed | CVE-2023-49739 was published Dec 14, 2023

VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper...
High | Unreviewed | CVE-2025-22243 was published Jun 4, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-48329 was published Jun 6, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-49262 was published Jun 6, 2025

The LTL Freight Quotes – Freightview Edition, LTL Freight Quotes – Daylight Edition and LTL...
High | Unreviewed | CVE-2025-5303 was published Jun 7, 2025

Jenkins Gatling Plugin Vulnerable to Cross-Site Scripting (XSS)
High | CVE-2025-5806 was published for org.jenkins-ci.plugins:gatling (Maven) Jun 6, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-31058 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-31061 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-31638 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-31925 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-31057 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-31426 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-39539 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-32305 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-31917 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-48143 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-47477 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-47487 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-48279 was published Jun 9, 2025

The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting...
High | Unreviewed | CVE-2024-12400 was published Jan 30, 2025

Hax CMS Stored Cross-Site Scripting vulnerability
High | CVE-2025-49137 was published for elmsln/haxcms (Composer) Jun 9, 2025
ProTip! Advisories are also available from the GraphQL API.