GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,968
Erlang: 39
GitHub Actions: 38
Go: 2,616
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,040
Pub: 12
RubyGems: 953
Rust: 1,050
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
33,144 advisories

Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross...
Moderate | Unreviewed | CVE-2025-5343 was published Oct 30, 2025

URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a...
Moderate | Unreviewed | CVE-2025-10348 was published Oct 30, 2025

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2025-12475 was published Oct 30, 2025

Drupal CivicTheme Design System allows Cross-Site Scripting (XSS)
Moderate | CVE-2025-12083 was published for drupal/civictheme (Composer) Oct 30, 2025

Drupal Plausible tracking is vulnerable to XSS
Moderate | CVE-2025-10927 was published for drupal/plausible_tracking (Composer) Oct 30, 2025

Drupal JSON Field is vulnerable to XSS
Moderate | CVE-2025-10926 was published for drupal/json_field (Composer) Oct 30, 2025

DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
Moderate | CVE-2025-64094 was published for DotNetNuke.Core (NuGet) Oct 29, 2025

FastMCP vulnerable to reflected XSS in client's callback page
Moderate | CVE-2025-62800 was published for fastmcp (pip) Oct 29, 2025

CKAN vulnerable to stored XSS in resource description
Moderate | CVE-2025-54384 was published for ckan (pip) Oct 29, 2025

The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs...
Moderate | Unreviewed | CVE-2025-12450 was published Oct 29, 2025

Sharp user-provided input can be evaluated in a SharpShowTextField with Vue template syntax
Moderate | CVE-2025-62798 was published for code16/sharp (Composer) Oct 29, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-64289 was published Oct 29, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-64291 was published Oct 29, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-64197 was published Oct 29, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-64204 was published Oct 29, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-64200 was published Oct 29, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-64208 was published Oct 29, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-64202 was published Oct 29, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-64220 was published Oct 29, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-64194 was published Oct 29, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-49042 was published Oct 29, 2025

PrivateBin is missing HTML sanitization of attached filename in file size hint
Moderate | CVE-2025-62796 was published for privatebin/privatebin (Composer) Oct 28, 2025

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Clear2Pay Bank...
Moderate | Unreviewed | CVE-2025-61080 was published Oct 28, 2025

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS)...
Moderate | Unreviewed | CVE-2025-34318 was published Oct 28, 2025

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS)...
Moderate | Unreviewed | CVE-2025-34313 was published Oct 28, 2025

ProTip! Advisories are also available from the GraphQL API