Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,814
Erlang
36
GitHub Actions
32
Go
2,399
Maven
5,000+
npm
4,040
NuGet
722
pip
3,829
Pub
12
RubyGems
932
Rust
1,002
Swift
38
Unreviewed advisories
All unreviewed
5,000+

36,164 advisories

Loading
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for... Moderate Unreviewed
CVE-2025-5684 was published Jul 29, 2025
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter ... Critical Unreviewed
CVE-2025-44136 was published Jul 29, 2025
A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware... Moderate Unreviewed
CVE-2025-52358 was published Jul 29, 2025
Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs Moderate
CVE-2025-50738 was published for github.com/usememos/memos (Go) Jul 29, 2025
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This... Moderate Unreviewed
CVE-2025-40686 was published Jul 29, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-6060 was published Jul 29, 2025
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This... Moderate Unreviewed
CVE-2025-40685 was published Jul 29, 2025
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This... Moderate Unreviewed
CVE-2025-40683 was published Jul 29, 2025
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This... Moderate Unreviewed
CVE-2025-40684 was published Jul 29, 2025
The Fan Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’... Moderate Unreviewed
CVE-2025-6681 was published Jul 29, 2025
The YouTube Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-6692 was published Jul 29, 2025
The Appzend theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-5587 was published Jul 29, 2025
The Magical Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-8196 was published Jul 29, 2025
The Sky Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-8216 was published Jul 29, 2025
The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-3075 was published Jul 29, 2025
The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-4566 was published Jul 29, 2025
The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-7811 was published Jul 29, 2025
The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-7810 was published Jul 29, 2025
The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-7809 was published Jul 29, 2025
A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered. Critical Unreviewed
CVE-2025-54298 was published Jul 28, 2025
A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for... Critical Unreviewed
CVE-2025-54299 was published Jul 28, 2025
In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page Moderate Unreviewed
CVE-2025-54534 was published Jul 28, 2025
copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata Moderate
CVE-2025-54423 was published for copyparty (pip) Jul 28, 2025
altperfect
A reflected cross-site scripting (xss) vulnerability exists in the radiationDoseReport.php... Moderate Unreviewed
CVE-2025-32731 was published Jul 28, 2025
HTML injection in Vox Media's Chorus CMS. This vulnerability allows an attacker to execute... Moderate Unreviewed
CVE-2025-40730 was published Jul 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database