GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,776
Composer 5,036
Erlang 39
GitHub Actions 38
Go 2,680
Maven 6,124
npm 4,308
NuGet 760
pip 4,081
Pub 12
RubyGems 958
Rust 1,061
Swift 45

Unreviewed advisories

All unreviewed 278,333

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

34,484 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A weakness has been identified in winston-dsouza Ecommerce-Website up to... Moderate Unreviewed

CVE-2025-13793 was published Nov 30, 2025

A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This... Moderate Unreviewed

CVE-2025-13784 was published Nov 30, 2025

Tryton sao (aka tryton-sao) before 7.6.9 allows XSS via an HTML attachment. This is fixed in 7.6... Moderate Unreviewed

CVE-2025-66420 was published Nov 30, 2025

Tryton sao (aka tryton-sao) before 7.6.11 allows XSS because it does not escape completion values... Moderate Unreviewed

CVE-2025-66421 was published Nov 30, 2025

Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0. Moderate Unreviewed

CVE-2025-51734 was published Nov 28, 2025

An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of... High Unreviewed

CVE-2025-66359 was published Nov 28, 2025

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG... Moderate Unreviewed

CVE-2025-3261 was published Nov 27, 2025

The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site... High Unreviewed

CVE-2025-13692 was published Nov 27, 2025

Malicious e-mail content can be used to execute script code. Unintended actions can be executed... Moderate Unreviewed

CVE-2025-59025 was published Nov 27, 2025

Malicious content uploaded as file can be used to execute script code when following attacker... Moderate Unreviewed

CVE-2025-59026 was published Nov 27, 2025

Malicious content at office documents can be used to inject script code when editing a document.... Moderate Unreviewed

CVE-2025-30190 was published Nov 27, 2025

Malicious content uploaded as file can be used to execute script code when following attacker... Moderate Unreviewed

CVE-2025-30186 was published Nov 27, 2025

The Customer Reviews Collector for WooCommerce plugin for WordPress is vulnerable to Reflected... Moderate Unreviewed

CVE-2025-12123 was published Nov 27, 2025

The StaffList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin... Moderate Unreviewed

CVE-2025-12185 was published Nov 27, 2025

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the... Moderate Unreviewed

CVE-2025-13525 was published Nov 27, 2025

The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2025-12151 was published Nov 27, 2025

The wp-twitpic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple... Moderate Unreviewed

CVE-2025-12670 was published Nov 27, 2025

The Shouty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the shouty... Moderate Unreviewed

CVE-2025-12712 was published Nov 27, 2025

The Google Drive upload and download link plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2025-12666 was published Nov 27, 2025

The SortTable Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id'... Moderate Unreviewed

CVE-2025-12649 was published Nov 27, 2025

The Soundslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed

CVE-2025-12713 was published Nov 27, 2025

The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in... Moderate Unreviewed

CVE-2024-5540 was published Nov 27, 2025

Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could... Critical Unreviewed

CVE-2025-64130 was published Nov 26, 2025

The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads... Moderate Unreviewed

CVE-2025-9163 was published Nov 26, 2025

Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting (XSS)... High Unreviewed

CVE-2025-12848 was published Nov 26, 2025

Previous1…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

34,484 advisories