Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

2,482 advisories

Loading
The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin... High Unreviewed
CVE-2020-36853 was published Oct 18, 2025
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP... High Unreviewed
CVE-2025-59269 was published Oct 15, 2025
Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS)... High Unreviewed
CVE-2025-49552 was published Oct 15, 2025
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and... High Unreviewed
CVE-2025-54264 was published Oct 14, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2025-8459 was published Oct 14, 2025
A Stored Cross-Site Scripting security issue exists in the affected product that could... High Unreviewed
CVE-2025-7329 was published Oct 14, 2025
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server... High Unreviewed
CVE-2025-40772 was published Oct 14, 2025
A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA... High Unreviewed
CVE-2025-10556 was published Oct 13, 2025
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release... High Unreviewed
CVE-2025-10552 was published Oct 13, 2025
A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA... High Unreviewed
CVE-2025-10557 was published Oct 13, 2025
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release... High Unreviewed
CVE-2025-10558 was published Oct 13, 2025
Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject... High Unreviewed
CVE-2025-60378 was published Oct 10, 2025
Publii CMS v0.46.5 (build 17089) allows persistent Cross-Site Scripting (XSS) via unsanitized... High Unreviewed
CVE-2025-60869 was published Oct 10, 2025
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site... High Unreviewed
CVE-2025-25017 was published Oct 10, 2025
Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross... High Unreviewed
CVE-2025-25018 was published Oct 10, 2025
Improper neutralization of input during web page generation ('cross-site scripting') in Azure... High Unreviewed
CVE-2025-55321 was published Oct 9, 2025
A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a... High Unreviewed
CVE-2025-10240 was published Oct 9, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2021-22291 was published Oct 7, 2025
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via... High Unreviewed
CVE-2025-25009 was published Oct 7, 2025
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server ... High Unreviewed
CVE-2025-60967 was published Oct 6, 2025
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server ... High Unreviewed
CVE-2025-60958 was published Oct 6, 2025
HCL MyXalytics product is affected by Cross Site Scripting vulnerability in the web application.... High Unreviewed
CVE-2025-52653 was published Oct 3, 2025
A reflected cross-site scripted (XSS) vulnerability in Codazon Magento Themes v1.1.0.0 to v2.4.7... High Unreviewed
CVE-2025-60991 was published Oct 1, 2025
A stored cross-site scripting (XSS) in Kissflow Work Platform Kissflow Application Versions 7337... High Unreviewed
CVE-2025-57393 was published Oct 1, 2025
A stored cross-site scripting (XSS) vulnerability exists in the MyCourts v3 application within... High Unreviewed
CVE-2025-57424 was published Sep 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database