Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,667
Maven
5,000+
npm
4,294
NuGet
760
pip
4,073
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

38,397 advisories

Loading
Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability... Moderate Unreviewed
CVE-2025-35029 was published Nov 20, 2025
Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow Moderate
CVE-2025-64027 was published for snipe/snipe-it (Composer) Nov 20, 2025
SOPlanning is vulnerable to Stored XSS in /feries endpoint. Malicious attacker with access to... Moderate Unreviewed
CVE-2025-62731 was published Nov 20, 2025
SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. Malicious attacker with medium... Moderate Unreviewed
CVE-2025-62295 was published Nov 20, 2025
SOPlanning is vulnerable to Stored XSS in /status endpoint. Malicious attacker with an account... Moderate Unreviewed
CVE-2025-62729 was published Nov 20, 2025
SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium... Moderate Unreviewed
CVE-2025-62296 was published Nov 20, 2025
SOPlanning is vulnerable to Stored XSS in /projets endpoint. Malicious attacker with medium... Moderate Unreviewed
CVE-2025-62297 was published Nov 20, 2025
Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with... Moderate Unreviewed
CVE-2025-64984 was published Nov 20, 2025
A vulnerability was determined in SourceCodester Online Shop Project 1.0. Impacted is an unknown... Moderate Unreviewed
CVE-2025-13450 was published Nov 20, 2025
A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3... Moderate Unreviewed
CVE-2025-13469 was published Nov 20, 2025
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-5092 was published Nov 20, 2025
phppgadmin vulnerable to Cross-site Scripting Low
CVE-2025-60796 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2025-0643 was published Nov 20, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-11884 was published Nov 20, 2025
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of... Moderate Unreviewed
CVE-2025-13415 was published Nov 20, 2025
A vulnerability was determined in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by... Moderate Unreviewed
CVE-2025-13412 was published Nov 19, 2025
A stored cross-site scripting (XSS) vulnerability is found in the text sharing feature of... Moderate Unreviewed
CVE-2025-51662 was published Nov 19, 2025
Astro Cloudflare adapter has Stored Cross Site Scripting vulnerability in /_image endpoint Moderate
CVE-2025-65019 was published for astro (npm) Nov 19, 2025
zomaxsec
Credited to zomaxsec
Astro vulnerable to reflected XSS via the server islands feature High
CVE-2025-64764 was published for astro (npm) Nov 19, 2025
cold-try
Credited to cold-try
A reflected cross-site scripted (XSS) vulnerability in the /ecommerce/products.php component of E... Moderate Unreviewed
CVE-2025-63879 was published Nov 19, 2025
Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery... Moderate Unreviewed
CVE-2024-8528 was published Nov 19, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-11963 was published Nov 19, 2025
A reflected cross-site scripting (XSS) vulnerability exists in the password change functionality... Moderate Unreviewed
CVE-2025-63243 was published Nov 19, 2025
The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and... High Unreviewed
CVE-2025-12484 was published Nov 19, 2025
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-13206 was published Nov 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database