GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,350
Composer 4,652
Erlang 34
GitHub Actions 26
Go 2,257
Maven 5,512
npm 3,909
NuGet 704
pip 3,680
Pub 12
RubyGems 915
Rust 943
Swift 38

Unreviewed advisories

All unreviewed 253,256

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

128,788 advisories

Filter by severity

Sort by

Least recently updated

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This... Moderate Unreviewed

CVE-2025-2986 was published Apr 25, 2025

The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is... Moderate Unreviewed

CVE-2025-3912 was published Apr 25, 2025

Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows... Moderate Unreviewed

CVE-2025-46535 was published Apr 25, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-46482 was published Apr 25, 2025

The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2025-3870 was published Apr 25, 2025

The Ajax Comment Form CST plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2025-3867 was published Apr 25, 2025

The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order... Moderate Unreviewed

CVE-2025-3743 was published Apr 25, 2025

The Add Google +1 (Plus one) social share Button plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed

CVE-2025-3866 was published Apr 25, 2025

The Custom Admin-Bar Favorites plugin for WordPress is vulnerable to Reflected Cross-Site... Moderate Unreviewed

CVE-2025-3868 was published Apr 25, 2025

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution ... Moderate Unreviewed

CVE-2025-3775 was published Apr 25, 2025

CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the... Moderate Unreviewed

CVE-2025-46599 was published Apr 25, 2025

The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2025-3923 was published Apr 25, 2025

The Able Player, accessible HTML5 media player plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed

CVE-2025-3752 was published Apr 25, 2025

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric... Moderate Unreviewed

CVE-2025-3511 was published Apr 25, 2025

The Contact Form by Bit Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed

CVE-2025-2580 was published Apr 25, 2025

The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2025-3861 was published Apr 25, 2025

In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new... Moderate Unreviewed

CVE-2025-46544 was published Apr 25, 2025

An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a... Moderate Unreviewed

CVE-2025-46595 was published Apr 25, 2025

In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for... Moderate Unreviewed

CVE-2025-46545 was published Apr 25, 2025

In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with... Moderate Unreviewed

CVE-2025-46547 was published Apr 25, 2025

The Breeze Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2025-3749 was published Apr 25, 2025

Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed... Moderate Unreviewed

CVE-2022-44759 was published Apr 24, 2025

Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in... Moderate Unreviewed

CVE-2022-44760 was published Apr 24, 2025

Missing Authorization vulnerability in Michael Revellin-Clerc Media Library Downloader allows... Moderate Unreviewed

CVE-2025-46519 was published Apr 24, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-46533 was published Apr 24, 2025

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

128,788 advisories