GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,064
Composer 4,877
Erlang 37
GitHub Actions 38
Go 2,538
Maven 5,984
npm 4,197
NuGet 743
pip 3,971
Pub 12
RubyGems 947
Rust 1,030
Swift 39

Unreviewed advisories

All unreviewed 271,790

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

37,393 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The ZoloBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple... Moderate Unreviewed

CVE-2025-9075 was published Oct 1, 2025

Stored cross-site scripting (XSS) vulnerabilities in Web Content translation in Liferay Portal 7... Moderate Unreviewed

CVE-2025-43826 was published Oct 1, 2025

IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to... Moderate Unreviewed

CVE-2025-36132 was published Sep 30, 2025

A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL(... Moderate Unreviewed

CVE-2025-56200 was published Sep 30, 2025

SourceCodester Web-based Pharmacy Product Management System V1.0 is vulnerable to Cross Site... Moderate Unreviewed

CVE-2025-56018 was published Sep 30, 2025

Improper handling of input could lead to an XSS vector in the checkAttribute method of the input... Moderate Unreviewed

CVE-2025-54476 was published Sep 30, 2025

A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of... Moderate Unreviewed

CVE-2025-28016 was published Sep 30, 2025

The Yoga Schedule Momoyoga plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2025-9852 was published Sep 30, 2025

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is... Moderate Unreviewed

CVE-2025-6815 was published Sep 30, 2025

The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed

CVE-2025-8214 was published Sep 30, 2025

PAD CMS is vulnerable to Reflected XSS in printing and save to PDF functionality. Malicious... Moderate Unreviewed

CVE-2025-8116 was published Sep 30, 2025

The Mihdan: Elementor Yandex Maps plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2025-8608 was published Sep 30, 2025

The FancyTabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’... Moderate Unreviewed

CVE-2025-8560 was published Sep 30, 2025

The Nexa Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... Moderate Unreviewed

CVE-2025-8624 was published Sep 30, 2025

The WeedMaps Menu for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed

CVE-2025-8623 was published Sep 30, 2025

The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed

CVE-2025-8566 was published Sep 30, 2025

The planetcalc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2025-8777 was published Sep 30, 2025

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is... Moderate Unreviewed

CVE-2025-6941 was published Sep 30, 2025

The My AskAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ... Moderate Unreviewed

CVE-2025-10179 was published Sep 30, 2025

The Any News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed

CVE-2025-10168 was published Sep 30, 2025

The All Social Share Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed

CVE-2025-10131 was published Sep 30, 2025

The dbview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ... Moderate Unreviewed

CVE-2025-10182 was published Sep 30, 2025

The Layers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ... Moderate Unreviewed

CVE-2025-10130 was published Sep 30, 2025

The Big Post Shipping for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2025-10191 was published Sep 30, 2025

The Survey Anyplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed

CVE-2025-10196 was published Sep 30, 2025

Previous1…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

37,393 advisories