GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 25,028
Composer 5,080
Erlang 39
GitHub Actions 38
Go 2,750
Maven 6,169
npm 4,353
NuGet 765
pip 4,114
Pub 12
RubyGems 960
Rust 1,069
Swift 45

Unreviewed advisories

All unreviewed 280,587

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

145,500 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Vuetify has a Cross-site Scripting (XSS) vulnerability in the VDatePicker component Moderate

CVE-2025-8082 was published for vuetify (npm) Dec 12, 2025

jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the ... Moderate Unreviewed

CVE-2025-67344 was published Dec 12, 2025

RuoYi versions 4.8.1 and earlier is affected by a stored XSS vulnerability in the /system/menu... Moderate Unreviewed

CVE-2025-67342 was published Dec 12, 2025

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core... Moderate Unreviewed

CVE-2025-64011 was published Dec 12, 2025

jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability... Moderate Unreviewed

CVE-2025-67341 was published Dec 12, 2025

A vulnerability was identified in kidaze CourseSelectionSystem up to... Moderate Unreviewed

CVE-2025-14565 was published Dec 12, 2025

A security flaw has been discovered in kidaze CourseSelectionSystem up to... Moderate Unreviewed

CVE-2025-14566 was published Dec 12, 2025

A weakness has been identified in haxxorsid Stock-Management-System up to... Moderate Unreviewed

CVE-2025-14567 was published Dec 12, 2025

Code Injection using Electron Fuses in waveterm on MacOS allows TCC Bypass. This issue affects... Moderate Unreviewed

CVE-2025-12843 was published Dec 12, 2025

Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components Moderate

GHSA-c6m7-q6pr-c64r was published for @vitejs/plugin-rsc (npm) Dec 12, 2025

SolarEdge monitoring platform contains a Cross‑Site Scripting (XSS) flaw that allows an... Moderate Unreviewed

CVE-2025-36746 was published Dec 12, 2025

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2025-14159 was published Dec 12, 2025

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2025-14442 was published Dec 12, 2025

The Bookit WordPress plugin before 2.5.1 has a publicly accessible REST endpoint that allows... Moderate Unreviewed

CVE-2025-12841 was published Dec 12, 2025

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2025-12965 was published Dec 12, 2025

The AI Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2025-14030 was published Dec 12, 2025

The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2025-13993 was published Dec 12, 2025

The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2025-14074 was published Dec 12, 2025

The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for... Moderate Unreviewed

CVE-2025-12348 was published Dec 12, 2025

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2025-12407 was published Dec 12, 2025

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2025-12408 was published Dec 12, 2025

The Simple Bike Rental plugin for WordPress is vulnerable to unauthorized access of data due to a... Moderate Unreviewed

CVE-2025-14065 was published Dec 12, 2025

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of... Moderate Unreviewed

CVE-2025-14356 was published Dec 12, 2025

The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2025-11876 was published Dec 12, 2025

The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to,... Moderate Unreviewed

CVE-2025-13660 was published Dec 12, 2025

Previous 1…4…400 Next

Previous 1 2 3 4 5 6 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

145,500 advisories