GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,669
Erlang: 34
GitHub Actions: 26
Go: 2,261
Maven: 5,000+
npm: 3,910
NuGet: 704
pip: 3,680
Pub: 12
RubyGems: 915
Rust: 943
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
34,010 advisories
Karaz Karazal through 2025-04-14 allows reflected XSS via the lang parameter to the default URI.
High | Unreviewed | CVE-2025-46657 was published Apr 27, 2025
A vulnerability classified as problematic has been found in baseweb JSite up to 1.0. Affected is...
Moderate | Unreviewed | CVE-2025-3970 was published Apr 27, 2025
A vulnerability has been found in itwanger paicoding 1.0.3 and classified as problematic....
Moderate | Unreviewed | CVE-2025-3965 was published Apr 27, 2025
Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a...
Low | Unreviewed | CVE-2024-52887 was published Apr 27, 2025
A vulnerability classified as problematic was found in withstars Books-Management-System 1.0....
Moderate | Unreviewed | CVE-2025-3962 was published Apr 27, 2025
A vulnerability classified as problematic has been found in withstars Books-Management-System 1.0...
Moderate | Unreviewed | CVE-2025-3961 was published Apr 27, 2025
For an authenticated end-user the portal may run a script while attempting to display a directory...
Moderate | Unreviewed | CVE-2024-52888 was published Apr 27, 2025
A vulnerability was found in withstars Books-Management-System 1.0. It has been classified as...
Moderate | Unreviewed | CVE-2025-3958 was published Apr 27, 2025
The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites...
Moderate | Unreviewed | CVE-2025-1458 was published Apr 26, 2025
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS) via a certain...
Moderate | Unreviewed | CVE-2025-32984 was published Apr 25, 2025
A cross-site scripting vulnerability was reported in the FileZ client that could allow execution...
Moderate | Unreviewed | CVE-2025-2069 was published Apr 25, 2025
Moodle has reflected Cross-site Scripting risk in policy tool
Moderate | CVE-2025-3643 was published for moodle/moodle (Composer) Apr 25, 2025
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab
Low | Unreviewed | CVE-2025-46618 was published Apr 25, 2025
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This...
Moderate | Unreviewed | CVE-2025-2986 was published Apr 25, 2025
The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-3870 was published Apr 25, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-46482 was published Apr 25, 2025
The Ajax Comment Form CST plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-3867 was published Apr 25, 2025
The Add Google +1 (Plus one) social share Button plugin for WordPress is vulnerable to Cross-Site...
Moderate | Unreviewed | CVE-2025-3866 was published Apr 25, 2025
The Custom Admin-Bar Favorites plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate | Unreviewed | CVE-2025-3868 was published Apr 25, 2025
The Contact Form by Bit Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2025-2580 was published Apr 25, 2025
The Able Player, accessible HTML5 media player plugin for WordPress is vulnerable to Stored Cross...
Moderate | Unreviewed | CVE-2025-3752 was published Apr 25, 2025
An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a...
Moderate | Unreviewed | CVE-2025-46595 was published Apr 25, 2025
In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for...
Moderate | Unreviewed | CVE-2025-46545 was published Apr 25, 2025
The eForm - WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site...
High | Unreviewed | CVE-2025-1294 was published Apr 25, 2025
The Breeze Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2025-3749 was published Apr 25, 2025
ProTip! Advisories are also available from the GraphQL API.