Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

137,070 advisories

Loading
A vulnerability was identified in 1000projects Beauty Parlour Management System 1.0. This affects... Moderate Unreviewed
CVE-2025-9919 was published Sep 10, 2025
A stored cross-site scripting (XSS) vulnerability in the HTTP Proxy field within the Datacenter... Moderate Unreviewed
CVE-2025-57538 was published Sep 9, 2025
A stored cross-site scripting (XSS) vulnerability exists in the WebAuthn Relying Party field... Moderate Unreviewed
CVE-2025-57540 was published Sep 9, 2025
A stored cross-site scripting (XSS) vulnerability in the U2F Origin field of the Datacenter... Moderate Unreviewed
CVE-2025-57539 was published Sep 9, 2025
Halo v2.20.17 and before is vulnerable to Cross Site Scripting (XSS) in /halo_host/archives/{name}. Moderate Unreviewed
CVE-2025-44595 was published Sep 9, 2025
A vulnerability was found in O2OA up to 10.0-410. Affected is an unknown function of the file ... Moderate Unreviewed
CVE-2025-9715 was published Sep 10, 2025
A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file ... Moderate Unreviewed
CVE-2025-9681 was published Sep 10, 2025
A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file... Moderate Unreviewed
CVE-2025-9680 was published Sep 10, 2025
Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon... Moderate Unreviewed
CVE-2025-10227 was published Sep 10, 2025
Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One 2.0.2... Moderate Unreviewed
CVE-2025-10224 was published Sep 10, 2025
A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected... Moderate Unreviewed
CVE-2025-9695 was published Sep 10, 2025
A vulnerability was determined in Campcodes Advanced Online Voting System 1.0. Affected by this... Moderate Unreviewed
CVE-2025-9694 was published Sep 10, 2025
Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in... Moderate Unreviewed
CVE-2025-10221 was published Sep 10, 2025
Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) in the diagnostic dump... Moderate Unreviewed
CVE-2025-10222 was published Sep 10, 2025
Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One prior to... Moderate Unreviewed
CVE-2025-10223 was published Sep 10, 2025
Reflected Cross-Site Scripting (XSS) vulnerability in Azon Dominator. This vulnerability allows... Moderate Unreviewed
CVE-2025-40725 was published Sep 10, 2025
The Heateor Login – Social Login Plugin plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-9857 was published Sep 10, 2025
It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use... Moderate Unreviewed
CVE-2025-36757 was published Sep 10, 2025
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-9367 was published Sep 10, 2025
The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior... Moderate Unreviewed
CVE-2025-9979 was published Sep 10, 2025
The PagBank / PagSeguro Connect para WooCommerce plugin for WordPress is vulnerable to SQL... Moderate Unreviewed
CVE-2025-10142 was published Sep 10, 2025
The Auto Save Remote Images (Drafts) plugin for WordPress is vulnerable to Server-Side Request... Moderate Unreviewed
CVE-2025-7843 was published Sep 10, 2025
The Testimonial plugin for WordPress is vulnerable to SQL Injection via the 'iNICtestimonial'... Moderate Unreviewed
CVE-2025-7826 was published Sep 10, 2025
It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the... Moderate Unreviewed
CVE-2025-36758 was published Sep 10, 2025
A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX... Moderate Unreviewed
CVE-2025-36756 was published Sep 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database