GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
33,460 advisories
The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets plugin for WordPress is...
CVE-2025-13007 (Moderate, Unreviewed) was published Dec 2, 2025
The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections &...
CVE-2025-13697 (Moderate, Unreviewed) was published Dec 2, 2025
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` parameter `data[header][template]` in Advanced Tab
CVE-2025-66310 (Moderate) was published for getgrav/grav (Composer) Dec 2, 2025
Grav is vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the "Blog Config" tab
CVE-2025-66309 (Moderate) was published for getgrav/grav (Composer) Dec 2, 2025
Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]`
CVE-2025-66308 (Moderate) was published for getgrav/grav (Composer) Dec 2, 2025
Grav Admin Plugin is vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`
CVE-2025-66312 (Moderate) was published for getgrav/grav (Composer) Dec 2, 2025
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples parameters
CVE-2025-66311 (Moderate) was published for getgrav/grav (Composer) Dec 2, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
CVE-2025-13835 (Moderate, Unreviewed) was published Dec 1, 2025
Eximbills Enterprise 4.1.5 (Built on 2020-10-30) is vulnerable to authenticated stored cross-site...
CVE-2025-64030 (Moderate, Unreviewed) was published Dec 1, 2025
Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User...
CVE-2025-63520 (Moderate, Unreviewed) was published Dec 1, 2025
Reflected Cross-site Scripting (XSS) vulnerability in Sanoma's Clickedu. This vulnerability...
CVE-2025-41070 (Moderate, Unreviewed) was published Dec 1, 2025
A vulnerability was determined in jairiidriss RestaurantWebsite up to...
CVE-2025-13802 (Moderate, Unreviewed) was published Dec 1, 2025
A weakness has been identified in codingWithElias School Management System up to...
CVE-2025-13795 (Moderate, Unreviewed) was published Dec 1, 2025
A weakness has been identified in winston-dsouza Ecommerce-Website up to...
CVE-2025-13793 (Moderate, Unreviewed) was published Nov 30, 2025
A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This...
CVE-2025-13784 (Moderate, Unreviewed) was published Nov 30, 2025
Tryton sao allows XSS because it does not escape completion values
CVE-2025-66421 (Moderate) was published for tryton-sao (npm) Nov 30, 2025
Tryton sao allows XSS via an HTML attachment
CVE-2025-66420 (Moderate) was published for tryton-sao (npm) Nov 30, 2025
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling...
CVE-2025-65540 (Moderate, Unreviewed) was published Nov 29, 2025
Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote...
CVE-2025-65892 (Moderate, Unreviewed) was published Nov 29, 2025
Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
CVE-2025-51734 (Moderate, Unreviewed) was published Nov 28, 2025
ThingsBoard allows an authenticated user to upload malicious SVG images
CVE-2025-3261 (Moderate) was published for org.thingsboard:application (Maven) Nov 27, 2025
Malicious e-mail content can be used to execute script code. Unintended actions can be executed...
CVE-2025-59025 (Moderate, Unreviewed) was published Nov 27, 2025
Malicious content uploaded as file can be used to execute script code when following attacker...
CVE-2025-59026 (Moderate, Unreviewed) was published Nov 27, 2025
Malicious content at office documents can be used to inject script code when editing a document....
CVE-2025-30190 (Moderate, Unreviewed) was published Nov 27, 2025
Malicious content uploaded as file can be used to execute script code when following attacker...
CVE-2025-30186 (Moderate, Unreviewed) was published Nov 27, 2025
ProTip! Advisories are also available from the GraphQL API.