Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,656
Maven
5,000+
npm
4,284
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

229 advisories

Loading
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-11267 was published Nov 18, 2025
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-11265 was published Nov 18, 2025
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... High Unreviewed
CVE-2025-60244 was published Nov 6, 2025
The vulnerability, if exploited, could allow an authenticated miscreant (with privilege of ... High Unreviewed
CVE-2025-8386 was published Nov 15, 2025
A Stored Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop... Moderate Unreviewed
CVE-2025-54348 was published Nov 14, 2025
A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of... High Unreviewed
CVE-2025-54346 was published Nov 14, 2025
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2025-49398 was published Nov 6, 2025
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2025-62936 was published Oct 27, 2025
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2025-62897 was published Oct 27, 2025
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2025-58970 was published Oct 22, 2025
The Slippy Slider – Responsive Touch Navigation Slider plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-11874 was published Nov 11, 2025
The Chart Expert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-12753 was published Nov 11, 2025
Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised... High Unreviewed
CVE-2025-39663 was published Oct 30, 2025
IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could... Moderate Unreviewed
CVE-2025-33110 was published Nov 6, 2025
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed
CVE-2025-11745 was published Nov 5, 2025
The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2025-11987 was published Nov 5, 2025
PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name,... Moderate Unreviewed
CVE-2023-51308 was published Feb 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of... Moderate Unreviewed
CVE-2023-34354 was published Oct 11, 2023
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device... Moderate Unreviewed
CVE-2023-24496 was published Jul 6, 2023
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device... Moderate Unreviewed
CVE-2023-24497 was published Jul 6, 2023
An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7... High Unreviewed
CVE-2024-34507 was published May 5, 2024
Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This... High Unreviewed
CVE-2025-8029 was published Jul 22, 2025
A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability... Critical Unreviewed
CVE-2025-53883 was published Oct 30, 2025
IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker... Moderate Unreviewed
CVE-2025-36121 was published Oct 27, 2025
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution... Moderate Unreviewed
CVE-2025-11823 was published Oct 25, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database