GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 4,968
  Erlang: 39
  GitHub Actions: 38
  Go: 2,616
  Maven: 5,000+
  npm: 4,255
  NuGet: 760
  pip: 4,040
  Pub: 12
  RubyGems: 953
  Rust: 1,050
  Swift: 45
Unreviewed advisories
  All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
30,026 advisories
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 001, 24.0.1 through 24.0...
Moderate | Unreviewed | CVE-2025-36172 was published Nov 4, 2025
                    
Nagios XI versions prior to 5.8.7 using embedded Nagios Core are vulnerable to cross-site...
Moderate | Unreviewed | CVE-2021-47698 was published Nov 4, 2025
                    
Nagios XI versions prior to 5.4.0 are vulnerable to cross-site scripting (XSS) via the jQuery...
Moderate | Unreviewed | CVE-2016-15054 was published Nov 4, 2025
                    
Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php.
Moderate | Unreviewed | CVE-2025-63450 was published Nov 3, 2025
                    
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php.
Moderate | Unreviewed | CVE-2025-63446 was published Nov 3, 2025
                    
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1.
Moderate | Unreviewed | CVE-2025-63448 was published Nov 3, 2025
                    
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php.
Moderate | Unreviewed | CVE-2025-63447 was published Nov 3, 2025
                    
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php.
Moderate | Unreviewed | CVE-2025-63449 was published Nov 3, 2025
                    
Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in /maid...
Moderate | Unreviewed | CVE-2025-50363 was published Nov 3, 2025
                    
Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cross-Site Scripting (XSS) via...
Moderate | Unreviewed | CVE-2025-63442 was published Nov 3, 2025
                    
School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via...
Moderate | Unreviewed | CVE-2025-63443 was published Nov 3, 2025
                    
The kallyas theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the...
Moderate | Unreviewed | CVE-2025-6988 was published Nov 1, 2025
                    
The Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin for WordPress is...
Moderate | Unreviewed | CVE-2025-12090 was published Nov 1, 2025
                    
The Schema Scalpel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post...
Moderate | Unreviewed | CVE-2025-12118 was published Nov 1, 2025
                    
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2025-11502 was published Nov 1, 2025
                    
The Flying Images: Optimize and Lazy Load Images for Faster Page Speed plugin for WordPress is...
Moderate | Unreviewed | CVE-2025-11927 was published Nov 1, 2025
                    
The CSS & JavaScript Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2025-11928 was published Nov 1, 2025
                    
The Inactive Logout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2025-11922 was published Nov 1, 2025
                    
A vulnerability was determined in LogicalDOC Community Edition up to 9.2.1. This affects an...
Moderate | Unreviewed | CVE-2025-12546 was published Oct 31, 2025
                    
Nagios XI versions prior to < 2024R1.1 is vulnerable to a cross-site scripting (XSS) when a user...
Moderate | Unreviewed | CVE-2024-13992 was published Oct 31, 2025
                    
An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can...
Moderate | Unreviewed | CVE-2025-12460 was published Oct 31, 2025
                    
A reflected cross-site scripting (XSS) vulnerability in BEO GmbH BEO Atlas Einfuhr Ausfuhr 3.0...
Moderate | Unreviewed | CVE-2025-61427 was published Oct 31, 2025
                    
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-64362 was published Oct 31, 2025
                    
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-64367 was published Oct 31, 2025
                    
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-64365 was published Oct 31, 2025
        
ProTip! Advisories are also available from the GraphQL API.