Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,675
Maven
5,000+
npm
4,297
NuGet
760
pip
4,077
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

33,411 advisories

Loading
The Bulma Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-11802 was published Nov 21, 2025
The Affiliate AI Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-11799 was published Nov 21, 2025
The Shortcodes Bootstrap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-11764 was published Nov 21, 2025
The BrightTALK WordPress Shortcode plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-11770 was published Nov 21, 2025
The Islamic Phrases plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-11768 was published Nov 21, 2025
The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-12660 was published Nov 21, 2025
The Pollcaster Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-12661 was published Nov 21, 2025
The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search... Moderate Unreviewed
CVE-2025-12746 was published Nov 21, 2025
The EchBay Admin Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting... Moderate Unreviewed
CVE-2025-11885 was published Nov 21, 2025
The Tips Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tip... Moderate Unreviewed
CVE-2025-11767 was published Nov 21, 2025
The Display Pages Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-11763 was published Nov 21, 2025
The Stock Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-11765 was published Nov 21, 2025
LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If... Moderate Unreviewed
CVE-2025-61949 was published Nov 21, 2025
Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the... Moderate Unreviewed
CVE-2025-55124 was published Nov 20, 2025
A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0.... Moderate Unreviewed
CVE-2025-13484 was published Nov 21, 2025
IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. This vulnerability allows... Moderate Unreviewed
CVE-2025-36153 was published Nov 21, 2025
Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a... Moderate Unreviewed
CVE-2025-48987 was published Nov 20, 2025
Stored cross site scripting (xss) vulnerability in SWISH prolog thru 2.2.0 allowing attackers to... Moderate Unreviewed
CVE-2025-63848 was published Nov 20, 2025
Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow Moderate
CVE-2025-64027 was published for snipe/snipe-it (Composer) Nov 20, 2025
Angular vulnerable to Cross-site Scripting Moderate
CVE-2021-4231 was published for @angular/core (npm) May 27, 2022
TTracz2i
Credited to TTracz2i
Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability... Moderate Unreviewed
CVE-2025-35029 was published Nov 20, 2025
Angular vulnerable to Cross-site Scripting Moderate
CVE-2020-7676 was published for angular (npm) Jun 18, 2020
tdunlap607
Credited to tdunlap607
A stored cross-site scripting (XSS) vulnerability is found in the text sharing feature of... Moderate Unreviewed
CVE-2025-51662 was published Nov 19, 2025
Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the page... Moderate Unreviewed
CVE-2025-59117 was published Nov 18, 2025
Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with... Moderate Unreviewed
CVE-2025-64984 was published Nov 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database