Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,656
Maven
5,000+
npm
4,284
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

38,373 advisories

Loading
The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and... High Unreviewed
CVE-2025-12484 was published Nov 19, 2025
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-13206 was published Nov 19, 2025
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor... Moderate Unreviewed
CVE-2025-13054 was published Nov 19, 2025
The FunnelKit – Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-12878 was published Nov 19, 2025
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-6251 was published Nov 19, 2025
The Pet-Manager – Petfinder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-12710 was published Nov 19, 2025
Cross site scripting (XSS) vulnerability in Kotaemon 0.11.0 allowing attackers to execute... Moderate Unreviewed
CVE-2025-56526 was published Nov 18, 2025
kishan0725 Hospital Management System has a Cross-Site Scripting (XSS) vulnerability in appsearch... Moderate Unreviewed
CVE-2025-63514 was published Nov 18, 2025
Drupal Simple multi step form allows Cross-Site Scripting Low
CVE-2025-12761 was published for drupal/simple_multistep (Composer) Nov 18, 2025
LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name` Moderate
CVE-2025-65013 was published for librenms/librenms (Composer) Nov 18, 2025
marcelomulder
Credited to marcelomulder
Kirby CMS has cross-site scripting (XSS) in the changes dialog Moderate
CVE-2025-65012 was published for getkirby/cms (Composer) Nov 18, 2025
A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 (Bhabishya-123/E... Moderate Unreviewed
CVE-2025-63883 was published Nov 18, 2025
Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the page... Moderate Unreviewed
CVE-2025-59117 was published Nov 18, 2025
A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected... Moderate Unreviewed
CVE-2025-63892 was published Nov 18, 2025
Windu CMS is vulnerable to Stored Cross-Site Scripting (XSS) in the logon page where input data... Moderate Unreviewed
CVE-2025-59115 was published Nov 18, 2025
A vulnerability has been found in SourceCodester Student Grades Management System 1.0. This issue... Moderate Unreviewed
CVE-2025-13349 was published Nov 18, 2025
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-13196 was published Nov 18, 2025
The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-12691 was published Nov 18, 2025
The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-12457 was published Nov 18, 2025
A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected... Moderate Unreviewed
CVE-2025-13343 was published Nov 18, 2025
Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este... Moderate Unreviewed
CVE-2025-41350 was published Nov 18, 2025
Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este... Moderate Unreviewed
CVE-2025-41349 was published Nov 18, 2025
The Checkout Files Upload for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site... High Unreviewed
CVE-2025-4212 was published Nov 18, 2025
The Meta Display Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2025-12088 was published Nov 18, 2025
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting... Moderate Unreviewed
CVE-2025-12079 was published Nov 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database