GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (All reviewed: 5,000+): Composer 4,778; Erlang 35; GitHub Actions 29; Go 2,332; Maven 5,000+; npm 3,966; NuGet 713; pip 3,759; Pub 12; RubyGems 921; Rust 975; Swift 38
Unreviewed advisories (All unreviewed: 5,000+)
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
27,963 advisories
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate, Unreviewed. CVE-2025-48919 was published Jun 13, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate, Unreviewed. CVE-2025-48917 was published Jun 13, 2025
The Auto Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin...
Moderate, Unreviewed. CVE-2025-6012 was published Jun 13, 2025
The Game Review Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2025-5923 was published Jun 13, 2025
The Contact Us Page – Contact People plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate, Unreviewed. CVE-2025-5123 was published Jun 13, 2025
The Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hex’...
Moderate, Unreviewed. CVE-2025-5233 was published Jun 13, 2025
The ACF Onyx Poll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2025-5841 was published Jun 13, 2025
The IndieBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘kind’...
Moderate, Unreviewed. CVE-2025-5950 was published Jun 13, 2025
The Telegram for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin...
Moderate, Unreviewed. CVE-2025-5939 was published Jun 13, 2025
The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
Moderate, Unreviewed. CVE-2025-4586 was published Jun 13, 2025
The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
Moderate, Unreviewed. CVE-2025-4585 was published Jun 13, 2025
The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
Moderate, Unreviewed. CVE-2025-4584 was published Jun 13, 2025
A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023 SP1 and prior that,...
Moderate, Unreviewed. CVE-2025-2745 was published Jun 12, 2025
yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management...
Moderate, Unreviewed. CVE-2025-44091 was published Jun 12, 2025
A cross-site scripting vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14...
Moderate, Unreviewed. CVE-2025-4417 was published Jun 12, 2025
The web application is susceptible to cross-site-scripting attacks. An attacker who can create...
Moderate, Unreviewed. CVE-2025-49185 was published Jun 12, 2025
The product does not implement sufficient measures to prevent multiple failed authentication...
Moderate, Unreviewed. CVE-2025-49186 was published Jun 12, 2025
ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected...
Moderate, Unreviewed. CVE-2025-5301 was published Jun 12, 2025
An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A stored Cross-Site Scripting...
Moderate, Unreviewed. CVE-2024-45513 was published Jun 11, 2025
An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS)...
Moderate, Unreviewed. CVE-2024-45517 was published Jun 11, 2025
An issue was discovered in webmail in Zimbra Collaboration (ZCS) through 10.1. An attacker can...
Moderate, Unreviewed. CVE-2024-45512 was published Jun 11, 2025
An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS)...
Moderate, Unreviewed. CVE-2024-45514 was published Jun 11, 2025
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and...
Moderate, Unreviewed. CVE-2025-0917 was published Jun 11, 2025
In Zimbra Collaboration (ZCS) 9.0 and 10.0, a vulnerability in the Webmail Modern UI allows...
Moderate, Unreviewed. CVE-2024-45194 was published Jun 11, 2025
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate, Unreviewed. CVE-2025-5144 was published Jun 11, 2025
ProTip! Advisories are also available from the GraphQL API.