GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,948
Composer 4,873
Erlang 37
GitHub Actions 36
Go 2,519
Maven 5,959
npm 4,156
NuGet 736
pip 3,956
Pub 12
RubyGems 946
Rust 1,026
Swift 39

Unreviewed advisories

All unreviewed 270,233

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

37,077 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown... Moderate Unreviewed

CVE-2025-10591 was published Sep 17, 2025

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed

CVE-2025-0420 was published Sep 17, 2025

A security flaw has been discovered in Portabilis i-Educar up to 2.10. The impacted element is an... Moderate Unreviewed

CVE-2025-10590 was published Sep 17, 2025

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed

CVE-2025-9565 was published Sep 17, 2025

The Media Player Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2025-9203 was published Sep 17, 2025

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed

CVE-2025-0419 was published Sep 17, 2025

A vulnerability was identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function... Moderate Unreviewed

CVE-2025-10584 was published Sep 17, 2025

The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2025-10166 was published Sep 17, 2025

Cross-site Scripting vulnerability in NEC Corporation UNIVERGE IX from Ver.9.5 to Ver.10.7, from... Moderate Unreviewed

CVE-2025-8153 was published Sep 17, 2025

The Productive Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed

CVE-2025-8394 was published Sep 17, 2025

The Appointmind plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... Moderate Unreviewed

CVE-2025-9851 was published Sep 17, 2025

Liferay search widget vulnerable to Cross-site Scripting Moderate

CVE-2025-43804 was published for com.liferay:com.liferay.portal.search (Maven) Sep 17, 2025

A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1.0. Affected by... Moderate Unreviewed

CVE-2025-10566 was published Sep 17, 2025

code-projects Human Resource Integrated System 1.0 is vulnerable to Cross Site Scripting (XSS) in... Moderate Unreviewed

CVE-2025-56293 was published Sep 16, 2025

code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the... Moderate Unreviewed

CVE-2025-56276 was published Sep 16, 2025

code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the... Moderate Unreviewed

CVE-2025-56280 was published Sep 16, 2025

A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the... Moderate Unreviewed

CVE-2025-57145 was published Sep 16, 2025

code-projects Document Management System 1.0 has a Cross Site Scripting (XSS) vulnerability,... Moderate Unreviewed

CVE-2025-56289 was published Sep 16, 2025

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed

CVE-2024-12796 was published Sep 16, 2025

A Cross Site Scripting vulnerability in JeeWMS v.3.7 and before allows a remote attacker to... Moderate Unreviewed

CVE-2025-55834 was published Sep 16, 2025

This vulnerability exist in PPC 2K15X Router, due to improper input validation for the Common... Moderate Unreviewed

CVE-2025-10546 was published Sep 16, 2025

TYPO3 "Form to Database" extension susceptible to Cross-site Scripting Low

CVE-2025-10316 was published for lavitto/typo3-form-to-database (Composer) Sep 16, 2025

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed

CVE-2025-6575 was published Sep 16, 2025

This vulnerability affects Firefox < 143 and Thunderbird < 143. High Unreviewed

CVE-2025-10534 was published Sep 16, 2025

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed

CVE-2025-2404 was published Sep 16, 2025

Previous 12…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

37,077 advisories