GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 25,074
Composer 5,087
Erlang 40
GitHub Actions 38
Go 2,758
Maven 6,173
npm 4,364
NuGet 766
pip 4,132
Pub 12
RubyGems 961
Rust 1,070
Swift 45

Unreviewed advisories

All unreviewed 281,487

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

39,036 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated... Moderate Unreviewed

CVE-2023-53915 was published Dec 18, 2025

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field... Moderate Unreviewed

CVE-2023-53916 was published Dec 18, 2025

PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox... Moderate Unreviewed

CVE-2023-53919 was published Dec 18, 2025

projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated... Moderate Unreviewed

CVE-2023-53906 was published Dec 18, 2025

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated... Moderate Unreviewed

CVE-2023-53910 was published Dec 18, 2025

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated... Moderate Unreviewed

CVE-2023-53909 was published Dec 18, 2025

Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt... Moderate Unreviewed

CVE-2023-53911 was published Dec 18, 2025

PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title... Moderate Unreviewed

CVE-2023-53918 was published Dec 18, 2025

PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the podcast title... Moderate Unreviewed

CVE-2023-53920 was published Dec 18, 2025

Xenforo 2.2.13 contains a stored cross-site scripting vulnerability that allows authenticated... Moderate Unreviewed

CVE-2023-53904 was published Dec 18, 2025

An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting (XSS) issue in DriveLock... Critical Unreviewed

CVE-2025-67787 was published Dec 17, 2025

Reflected cross-site scripting (XSS) in SLiMS (slims9_bulian) before 9.6.0 via improper handling... Moderate Unreviewed

CVE-2025-65233 was published Dec 17, 2025

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction &... Moderate Unreviewed

CVE-2025-13217 was published Dec 17, 2025

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple... Moderate Unreviewed

CVE-2025-13537 was published Dec 17, 2025

A Cross-site scripting (XSS) vulnerability in Create/Update Item Kit(s) in Open Source Point of... Moderate Unreviewed

CVE-2025-66924 was published Dec 17, 2025

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed

CVE-2025-14347 was published Dec 17, 2025

The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss... Moderate Unreviewed

CVE-2025-14154 was published Dec 17, 2025

The HTML Forms – Simple WordPress Forms Plugin for WordPress is vulnerable to Unauthenticated... Moderate Unreviewed

CVE-2025-13861 was published Dec 17, 2025

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2025-14385 was published Dec 17, 2025

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress... Moderate Unreviewed

CVE-2025-13977 was published Dec 17, 2025

A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the... Moderate Unreviewed

CVE-2025-14801 was published Dec 17, 2025

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a... High Unreviewed

CVE-2025-14701 was published Dec 17, 2025

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management... Moderate Unreviewed

CVE-2025-65592 was published Dec 16, 2025

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality... Moderate Unreviewed

CVE-2025-65590 was published Dec 16, 2025

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality. Moderate Unreviewed

CVE-2025-65591 was published Dec 16, 2025

Previous 12…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

39,036 advisories