Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

37,007 advisories

Loading
In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter... Moderate Unreviewed
CVE-2025-34175 was published Sep 9, 2025
In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is... Moderate Unreviewed
CVE-2025-34174 was published Sep 9, 2025
In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent... Moderate Unreviewed
CVE-2025-34172 was published Sep 9, 2025
Liferay Portal is vulnerable to XSS attacks via its remote app title field Moderate
CVE-2025-43775 was published for com.liferay:com.liferay.client.extension.web (Maven) Sep 9, 2025
Liferay Portal is vulnerable to XSS attack through its search bar portlet Moderate
CVE-2025-43781 was published for com.liferay:com.liferay.portal.search.web (Maven) Sep 9, 2025
listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover High
CVE-2025-58430 was published for github.com/knadh/listmonk (Go) Sep 9, 2025
r3verii
A stored cross-site scripting (XSS) vulnerability exists in the WebAuthn Relying Party field... Moderate Unreviewed
CVE-2025-57540 was published Sep 9, 2025
A stored cross-site scripting (XSS) vulnerability in the U2F Origin field of the Datacenter... Moderate Unreviewed
CVE-2025-57539 was published Sep 9, 2025
A stored cross-site scripting (XSS) vulnerability in the HTTP Proxy field within the Datacenter... Moderate Unreviewed
CVE-2025-57538 was published Sep 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-58983 was published Sep 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-58985 was published Sep 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-58984 was published Sep 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-58982 was published Sep 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-58987 was published Sep 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-58989 was published Sep 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-58988 was published Sep 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-58990 was published Sep 9, 2025
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site... Moderate Unreviewed
CVE-2025-54252 was published Sep 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-47694 was published Sep 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-47570 was published Sep 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-30875 was published Sep 9, 2025
Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure... Moderate Unreviewed
CVE-2025-55143 was published Sep 9, 2025
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network... Moderate Unreviewed
CVE-2025-20280 was published Sep 9, 2025
A security vulnerability has been detected in Campcodes Sales and Inventory System 1.0. Affected... Moderate Unreviewed
CVE-2025-9922 was published Sep 9, 2025
A weakness has been identified in code-projects POS Pharmacy System 1.0. Affected is an unknown... Moderate Unreviewed
CVE-2025-9921 was published Sep 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database