GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
1,565 advisories
Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability...
Low | Unreviewed | CVE-2025-40632 was published May 16, 2025

The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not...
Low | Unreviewed | CVE-2024-11140 was published May 15, 2025

Trix vulnerable to Cross-site Scripting on copy & paste
Low | CVE-2025-46812 was published for trix (npm) May 8, 2025

Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper...
Low | Unreviewed | CVE-2025-23379 was published May 6, 2025

The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings,...
Low | Unreviewed | CVE-2025-3583 was published May 5, 2025

The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form...
Low | Unreviewed | CVE-2025-3513 was published May 2, 2025

The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form...
Low | Unreviewed | CVE-2025-3514 was published May 2, 2025

The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of...
Low | Unreviewed | CVE-2024-13381 was published May 1, 2025

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings,...
Low | Unreviewed | CVE-2025-3502 was published May 1, 2025

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings,...
Low | Unreviewed | CVE-2025-3504 was published May 1, 2025

YesWiki Stored XSS Vulnerability in Comments
Low | CVE-2025-46346 was published for yeswiki/yeswiki (Composer) Apr 29, 2025

Yeswiki Vulnerable to Authenticated Reflected Cross-site Scripting
Low | CVE-2025-46350 was published for yeswiki/yeswiki (Composer) Apr 29, 2025

The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of...
Low | Unreviewed | CVE-2024-12273 was published Apr 29, 2025

The WordPress Tag, Category, and Taxonomy Manager WordPress plugin before 3.30.0 does not...
Low | Unreviewed | CVE-2025-0627 was published Apr 28, 2025

The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings...
Low | Unreviewed | CVE-2024-9771 was published Apr 28, 2025

Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a...
Low | Unreviewed | CVE-2024-52887 was published Apr 27, 2025

In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab
Low | Unreviewed | CVE-2025-46618 was published Apr 25, 2025

Insufficient sanitization in HCL Leap allows client-side script injection in the authoring...
Low | Unreviewed | CVE-2024-30114 was published Apr 24, 2025

OpenCMS Cross-Site Scripting vulnerability
Low | CVE-2024-42699 was published for org.opencms:opencms-core (Maven) Apr 21, 2025

An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA...
Low | Unreviewed | CVE-2025-3840 was published Apr 21, 2025

The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not...
Low | Unreviewed | CVE-2024-11924 was published Apr 17, 2025

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its...
Low | Unreviewed | CVE-2025-1524 was published Apr 17, 2025

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its...
Low | Unreviewed | CVE-2025-1525 was published Apr 17, 2025

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its...
Low | Unreviewed | CVE-2025-1523 was published Apr 17, 2025

SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The...
Low | Unreviewed | CVE-2024-45712 was published Apr 15, 2025
ProTip! Advisories are also available from the GraphQL API