Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,031
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,331 advisories

Loading
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-62659 was published Oct 22, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-62653 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-62654 was published Oct 18, 2025
Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited... Low Unreviewed
CVE-2025-27259 was published Oct 13, 2025
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If a remote... Low Unreviewed
CVE-2024-12923 was published Aug 29, 2025
A vulnerability was found in Protected Total WebShield Extension up to 3.2.0 on Chrome. It has... Low Unreviewed
CVE-2025-8751 was published Aug 9, 2025
The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP... Low Unreviewed
CVE-2025-4599 was published Aug 5, 2025
Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product Low Unreviewed
CVE-2025-37108 was published Jul 31, 2025
Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product Low Unreviewed
CVE-2025-37109 was published Jul 31, 2025
A vulnerability, which was classified as problematic, was found in Comodo Dragon up to 134.0.6998... Low Unreviewed
CVE-2025-8206 was published Jul 26, 2025
A potential security vulnerability has been identified in the Poly Clariti Manager for versions... Low Unreviewed
CVE-2025-43488 was published Jul 23, 2025
The improper default setting in JiranSoft CrossEditor4 on Windows, Linux, Unix (API modules)... Low Unreviewed
CVE-2025-7672 was published Jul 15, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-53492 was published Jul 2, 2025
Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML... Low Unreviewed
CVE-2025-42990 was published Jun 10, 2025
A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If... Low Unreviewed
CVE-2024-50406 was published Jun 6, 2025
Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high... Low Unreviewed
CVE-2025-1419 was published May 21, 2025
Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized... Low Unreviewed
CVE-2025-1420 was published May 21, 2025
Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability... Low Unreviewed
CVE-2025-40632 was published May 16, 2025
The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not... Low Unreviewed
CVE-2024-11140 was published May 15, 2025
Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper... Low Unreviewed
CVE-2025-23379 was published May 6, 2025
The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings,... Low Unreviewed
CVE-2025-3583 was published May 5, 2025
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form... Low Unreviewed
CVE-2025-3513 was published May 2, 2025
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form... Low Unreviewed
CVE-2025-3514 was published May 2, 2025
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings,... Low Unreviewed
CVE-2025-3504 was published May 1, 2025
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings,... Low Unreviewed
CVE-2025-3502 was published May 1, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database