GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,645
Maven: 5,000+
npm: 4,271
NuGet: 760
pip: 4,065
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
142,637 advisories
Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS...
Moderate | Unreviewed | CVE-2025-9227 was published Nov 11, 2025

Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is...
Moderate | Unreviewed | CVE-2025-12101 was published Nov 11, 2025

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an...
Moderate | Unreviewed | CVE-2025-41104 was published Nov 11, 2025

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an...
Moderate | Unreviewed | CVE-2025-41105 was published Nov 11, 2025

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an...
Moderate | Unreviewed | CVE-2025-41103 was published Nov 11, 2025

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an...
Moderate | Unreviewed | CVE-2025-41106 was published Nov 11, 2025

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-11960 was published Nov 11, 2025

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an...
Moderate | Unreviewed | CVE-2025-41102 was published Nov 11, 2025

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an...
Moderate | Unreviewed | CVE-2025-41101 was published Nov 11, 2025

The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for...
Moderate | Unreviewed | CVE-2025-12953 was published Nov 11, 2025

The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable...
Moderate | Unreviewed | CVE-2025-12787 was published Nov 11, 2025

The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable...
Moderate | Unreviewed | CVE-2025-12788 was published Nov 11, 2025

The VAPIX API port.cgi did not have sufficient input validation, which may result in process...
Moderate | Unreviewed | CVE-2025-9524 was published Nov 11, 2025

An ACAP configuration file has improper permissions and lacks input validation, which could...
Moderate | Unreviewed | CVE-2025-8108 was published Nov 11, 2025

An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST)...
Moderate | Unreviewed | CVE-2025-5317 was published Nov 11, 2025

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal...
Moderate | Unreviewed | CVE-2025-5454 was published Nov 11, 2025

A malicious ACAP application can gain access to admin-level service account credentials used by...
Moderate | Unreviewed | CVE-2025-5452 was published Nov 11, 2025

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary...
Moderate | Unreviewed | CVE-2025-4645 was published Nov 11, 2025

The ACAP Application framework could allow privilege escalation through a symlink attack. This...
Moderate | Unreviewed | CVE-2025-5718 was published Nov 11, 2025

ACAP applications can gain elevated privileges due to improper input validation, potentially...
Moderate | Unreviewed | CVE-2025-6298 was published Nov 11, 2025

The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator...
Moderate | Unreviewed | CVE-2025-9055 was published Nov 11, 2025

An ACAP configuration file has improper permissions, which could allow command injection and...
Moderate | Unreviewed | CVE-2025-6779 was published Nov 11, 2025

A 3rd-party component exposed its password in process arguments, allowing for low-privileged...
Moderate | Unreviewed | CVE-2025-6571 was published Nov 11, 2025

The Chart Expert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2025-12753 was published Nov 11, 2025

The Geopost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height'...
Moderate | Unreviewed | CVE-2025-12754 was published Nov 11, 2025
ProTip! Advisories are also available from the GraphQL API.