GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
32,775 advisories
A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue...
Moderate
Unreviewed
CVE-2025-11946 was published Oct 20, 2025
A vulnerability was identified in toeverything AFFiNE up to 0.24.1. This vulnerability affects...
Moderate
Unreviewed
CVE-2025-11945 was published Oct 19, 2025
The Related Posts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate
Unreviewed
CVE-2025-11926 was published Oct 18, 2025
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2025-9562 was published Oct 18, 2025
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for...
Moderate
Unreviewed
CVE-2025-11270 was published Oct 18, 2025
The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate
Unreviewed
CVE-2025-10006 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-62671 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-11937 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-62665 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-62670 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-62663 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-62664 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-62662 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-62667 was published Oct 18, 2025
The XX2WP Integration Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate
Unreviewed
CVE-2025-11857 was published Oct 18, 2025
The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in...
Moderate
Unreviewed
CVE-2020-36854 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-62652 was published Oct 18, 2025
ThingsBoard versions < 4.2.1 contain a stored cross-site scripting (XSS) vulnerability in the...
Moderate
Unreviewed
CVE-2025-34281 was published Oct 17, 2025
ibexa/fieldtype-richtext has an XSS vulnerability via acronym custom tag in Rich Text
Moderate
GHSA-8c2g-f8jm-5cr7 was published for ibexa/fieldtype-richtext (Composer) Oct 17, 2025
ibexa/admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal
Moderate
GHSA-2mx6-fq24-g2mh was published for ibexa/admin-ui (Composer) Oct 17, 2025
ezsystems/ezplatform-admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal
Moderate
GHSA-99c7-c3mw-mxhv was published for ezsystems/ezplatform-admin-ui (Composer) Oct 17, 2025
Keycloak error_description injection on error pages that can trigger phishing attacks
Moderate
CVE-2025-10044 was published for org.keycloak:keycloak-account-ui (Maven) Oct 17, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-48087 was published Oct 17, 2025
D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain a stored cross-site scripting (XSS)...
Moderate
Unreviewed
CVE-2025-34253 was published Oct 16, 2025
bagisto has Cross Site Scripting (XSS) in Create New Customer
Moderate
CVE-2025-62414 was published for bagisto/bagisto (Composer) Oct 16, 2025