Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,885
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,212
NuGet
744
pip
3,988
Pub
12
RubyGems
950
Rust
1,038
Swift
45
Unreviewed advisories
All unreviewed
5,000+

37,546 advisories

Loading
A vulnerability was found in code-projects Voting System 1.0. Affected by this issue is some... Moderate Unreviewed
CVE-2025-11512 was published Oct 9, 2025
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of... Moderate Unreviewed
CVE-2025-40991 was published Oct 2, 2025
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of... Moderate Unreviewed
CVE-2025-40989 was published Oct 2, 2025
Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability... Moderate Unreviewed
CVE-2025-60299 was published Oct 8, 2025
Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting (XSS) in... Moderate Unreviewed
CVE-2025-60312 was published Oct 7, 2025
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of... Moderate Unreviewed
CVE-2025-40990 was published Oct 2, 2025
Opencast's Paella Player 7 is vulnerable to Cross-Site Scripting Moderate
CVE-2025-61788 was published for org.opencastproject:opencast-common (Maven) Oct 8, 2025
miesgre
Credited to miesgre
Duplicate Advisory: Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel High
GHSA-7rgr-72hp-9wp3 was published for flowise (npm) Oct 6, 2025 withdrawn
Duplicate Advisory: Flowise Stored XSS vulnerability through logs in chatbot High
GHSA-wq95-wr7m-26h4 was published for flowise (npm) Oct 6, 2025 withdrawn
Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via... Moderate Unreviewed
CVE-2025-61183 was published Oct 8, 2025
The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting... High Unreviewed
CVE-2024-45699 was published Apr 2, 2025
Sourcecodester Link Status Checker 1.0 is vulnerable to a Cross-Site Scripting (XSS) in the Enter... Moderate Unreviewed
CVE-2025-60313 was published Oct 8, 2025
SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS)... Moderate Unreviewed
CVE-2025-60318 was published Oct 8, 2025
A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected... Moderate Unreviewed
CVE-2025-11485 was published Oct 8, 2025
KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages.... Moderate Unreviewed
CVE-2025-3019 was published Mar 31, 2025
Multiple cross-site scripting (XSS) vulnerabilities in the Notifications widget in Liferay Portal... Moderate Unreviewed
CVE-2025-43771 was published Oct 8, 2025
Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting (XSS)... Moderate Unreviewed
CVE-2025-60298 was published Oct 8, 2025
Stored cross-site scripting (XSS) vulnerability in Forms in Liferay Portal 7.3.2 through 7.4.3... Moderate Unreviewed
CVE-2025-43830 was published Oct 8, 2025
Stored cross-site scripting (XSS) vulnerability in diagram type products in Commerce in Liferay... Moderate Unreviewed
CVE-2025-43829 was published Oct 8, 2025
Cross-site scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in... Moderate Unreviewed
CVE-2025-43821 was published Oct 8, 2025
Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a Stored Cross-Site Scripting (XSS)... Moderate Unreviewed
CVE-2025-60314 was published Oct 8, 2025
Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver... High Unreviewed
CVE-2024-5420 was published Jun 4, 2024
A security vulnerability has been detected in JhumanJ OpnForm up to 1.9.3. Affected by this... Moderate Unreviewed
CVE-2025-11435 was published Oct 8, 2025
A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the... Moderate Unreviewed
CVE-2025-11433 was published Oct 8, 2025
A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file ... Moderate Unreviewed
CVE-2025-11437 was published Oct 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database