GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
1,565 advisories
Reflected XSS in go-httpbin due to unrestricted client control over Content-Type
Low · GHSA-528q-4pgm-wvg2 was published for github.com/mccutchen/go-httpbin (Go) · Mar 21, 2025

An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group...
Low · Unreviewed · CVE-2025-30345 was published · Mar 21, 2025

LocalAI version v2.19.4 (af0545834fd565ab56af0b9348550ca9c3cb5349) contains a vulnerability where...
Low · Unreviewed · CVE-2024-9901 was published · Mar 20, 2025

A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2...
Low · Unreviewed · CVE-2024-10721 was published · Mar 20, 2025

A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0...
Low · Unreviewed · CVE-2024-10727 was published · Mar 20, 2025

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2,...
Low · Unreviewed · CVE-2024-10724 was published · Mar 20, 2025

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The...
Low · Unreviewed · CVE-2024-10722 was published · Mar 20, 2025

A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2...
Low · Unreviewed · CVE-2024-10723 was published · Mar 20, 2025

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. This...
Low · Unreviewed · CVE-2024-10725 was published · Mar 20, 2025

A stored cross-site scripting (XSS) vulnerability exists in phpipam version 1.5.2, specifically...
Low · Unreviewed · CVE-2024-10719 was published · Mar 20, 2025

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of...
Low · Unreviewed · CVE-2025-1623 was published · Mar 16, 2025

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of...
Low · Unreviewed · CVE-2025-1622 was published · Mar 16, 2025

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of...
Low · Unreviewed · CVE-2025-1624 was published · Mar 16, 2025

MODX allows cross-site scripting (XSS) via an SVG file
Low · CVE-2025-28010 was published for modx/revolution (Composer) · Mar 13, 2025

Microweber vulnerable to XSS attack due to insure `group` component in its Settings handler
Low · CVE-2025-2214 was published for microweber/microweber (Composer) · Mar 12, 2025

The Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social...
Low · Unreviewed · CVE-2024-13615 was published · Mar 11, 2025

Magento LTS vulnerable to stored XSS in theme config fields
Low · CVE-2025-27400 was published for openmage/magento-lts (Composer) · Mar 3, 2025

seajs Cross-site Scripting vulnerability
Low · CVE-2024-51091 was published for seajs (npm) · Mar 3, 2025

In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject...
Low · Unreviewed · CVE-2025-22272 was published · Feb 28, 2025

copyparty renders unsanitized filenames as HTML when user uploads empty files
Low · CVE-2025-27145 was published for copyparty (pip) · Feb 26, 2025

The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and...
Low · Unreviewed · CVE-2024-10545 was published · Feb 25, 2025

Moodle has a stored XSS in ddimageortext question type
Low · CVE-2025-26528 was published for moodle/moodle (Composer) · Feb 24, 2025

tarteaucitron Cross-site Scripting (XSS)
Low · CVE-2025-1467 was published for tarteaucitronjs (npm) · Feb 23, 2025

Leantime allows Cross-Site Scripting (XSS)
Low · GHSA-f679-254h-qhvj was published for leantime/leantime (Composer) · Feb 21, 2025
ProTip! Advisories are also available from the GraphQL API.