Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,292
NuGet
760
pip
4,070
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

38,395 advisories

Loading
A stored cross-site scripting (XSS) vulnerability is found in the text sharing feature of... Moderate Unreviewed
CVE-2025-51662 was published Nov 19, 2025
SOPlanning is vulnerable to Stored XSS in /feries endpoint. Malicious attacker with access to... Moderate Unreviewed
CVE-2025-62731 was published Nov 20, 2025
SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. Malicious attacker with medium... Moderate Unreviewed
CVE-2025-62295 was published Nov 20, 2025
SOPlanning is vulnerable to Stored XSS in /status endpoint. Malicious attacker with an account... Moderate Unreviewed
CVE-2025-62729 was published Nov 20, 2025
SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium... Moderate Unreviewed
CVE-2025-62296 was published Nov 20, 2025
SOPlanning is vulnerable to Stored XSS in /projets endpoint. Malicious attacker with medium... Moderate Unreviewed
CVE-2025-62297 was published Nov 20, 2025
Astro Cloudflare adapter has Stored Cross Site Scripting vulnerability in /_image endpoint Moderate
CVE-2025-65019 was published for astro (npm) Nov 19, 2025
zomaxsec
Credited to zomaxsec
phppgadmin vulnerable to Cross-site Scripting Low
CVE-2025-60796 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the page... Moderate Unreviewed
CVE-2025-59117 was published Nov 18, 2025
Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with... Moderate Unreviewed
CVE-2025-64984 was published Nov 20, 2025
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-5092 was published Nov 20, 2025
A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3... Moderate Unreviewed
CVE-2025-13469 was published Nov 20, 2025
A vulnerability was determined in SourceCodester Online Shop Project 1.0. Impacted is an unknown... Moderate Unreviewed
CVE-2025-13450 was published Nov 20, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2025-0643 was published Nov 20, 2025
Windu CMS is vulnerable to Stored Cross-Site Scripting (XSS) in the logon page where input data... Moderate Unreviewed
CVE-2025-59115 was published Nov 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-11884 was published Nov 20, 2025
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of... Moderate Unreviewed
CVE-2025-13415 was published Nov 20, 2025
Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este... Moderate Unreviewed
CVE-2025-41349 was published Nov 18, 2025
A vulnerability was determined in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by... Moderate Unreviewed
CVE-2025-13412 was published Nov 19, 2025
Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este... Moderate Unreviewed
CVE-2025-41350 was published Nov 18, 2025
Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user... Moderate Unreviewed
CVE-2025-3087 was published Apr 4, 2025
Astro vulnerable to reflected XSS via the server islands feature High
CVE-2025-64764 was published for astro (npm) Nov 19, 2025
cold-try
Credited to cold-try
A reflected cross-site scripting (XSS) vulnerability exists in the password change functionality... Moderate Unreviewed
CVE-2025-63243 was published Nov 19, 2025
A reflected cross-site scripted (XSS) vulnerability in the /ecommerce/products.php component of E... Moderate Unreviewed
CVE-2025-63879 was published Nov 19, 2025
Cross site scripting (XSS) vulnerability in Kotaemon 0.11.0 allowing attackers to execute... Moderate Unreviewed
CVE-2025-56526 was published Nov 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database