GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
292 advisories
Filter by severity
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via...
High
Unreviewed
CVE-2025-14835
was published
Jan 7, 2026
The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate
Unreviewed
CVE-2025-14792
was published
Jan 7, 2026
The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate
Unreviewed
CVE-2025-15058
was published
Jan 7, 2026
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker...
Moderate
Unreviewed
CVE-2025-36230
was published
Dec 26, 2025
The "Amazon affiliate lite Plugin" plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2025-14735
was published
Dec 20, 2025
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2025-64225
was published
Dec 18, 2025
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2025-64633
was published
Dec 16, 2025
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2025-63068
was published
Dec 9, 2025
A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in...
Moderate
Unreviewed
CVE-2025-58412
was published
Nov 19, 2025
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2025-11265
was published
Nov 18, 2025
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2025-11267
was published
Nov 18, 2025
The vulnerability, if exploited, could allow an authenticated miscreant
(with privilege of ...
High
Unreviewed
CVE-2025-8386
was published
Nov 15, 2025
A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of...
High
Unreviewed
CVE-2025-54346
was published
Nov 14, 2025
A Stored Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop...
Moderate
Unreviewed
CVE-2025-54348
was published
Nov 14, 2025
The Chart Expert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2025-12753
was published
Nov 11, 2025
The Slippy Slider – Responsive Touch Navigation Slider plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2025-11874
was published
Nov 11, 2025
IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could...
Moderate
Unreviewed
CVE-2025-33110
was published
Nov 6, 2025
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
High
Unreviewed
CVE-2025-60244
was published
Nov 6, 2025
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2025-49398
was published
Nov 6, 2025
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross...
Moderate
Unreviewed
CVE-2025-11745
was published
Nov 5, 2025
The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate
Unreviewed
CVE-2025-11987
was published
Nov 5, 2025
Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised...
High
Unreviewed
CVE-2025-39663
was published
Oct 30, 2025
A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability...
Critical
Unreviewed
CVE-2025-53883
was published
Oct 30, 2025
IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker...
Moderate
Unreviewed
CVE-2025-36121
was published
Oct 27, 2025
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2025-62936
was published
Oct 27, 2025
ProTip!
Advisories are also available from the
GraphQL API