GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,411
Erlang: 33
GitHub Actions: 22
Go: 2,146
Maven: 5,000+
npm: 3,808
NuGet: 687
pip: 3,481
Pub: 12
RubyGems: 897
Rust: 899
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
124,415 advisories
Formwork has a cross-site scripting (XSS) vulnerability in Site title
Moderate. GHSA-vf6x-59hh-332f was published for getformwork/formwork (Composer) on Mar 1, 2025

PixelYourSite - Your smart PIXEL (TAG) and API Manager 10.1.1.1 was found to be vulnerable....
Moderate, Unreviewed. CVE-2025-0769 was published on Feb 28, 2025

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of...
Moderate, Unreviewed. CVE-2024-54175 was published on Feb 28, 2025

A Stored Cross-Site Scripting (XSS) vulnerability exists in SeedDMS 6.0.29. A user or rogue admin...
Moderate, Unreviewed. CVE-2025-25461 was published on Feb 28, 2025

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in...
Moderate, Unreviewed. CVE-2025-0985 was published on Feb 28, 2025

Insecure file retrieval process that facilitates potential for file manipulation to affect...
Moderate, Unreviewed. CVE-2025-24843 was published on Feb 28, 2025

Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead...
Moderate, Unreviewed. CVE-2025-24318 was published on Feb 28, 2025

Unauthenticated log effects metrics gathering incident response efforts and potentially exposes...
Moderate, Unreviewed. CVE-2025-23405 was published on Feb 28, 2025

The Dario Health Internet-based server infrastructure is vulnerable due to exposure of...
Moderate, Unreviewed. CVE-2025-24316 was published on Feb 28, 2025

ntpd NTS client denial of service via wrongly sized cookies
Moderate. GHSA-v83q-83hj-rw38 was published for ntpd (Rust) on Feb 28, 2025

HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could...
Moderate, Unreviewed. CVE-2025-1749 was published on Feb 28, 2025

Cross-Site Scripting (XSS) vulnerability in Soteshop, versions prior to 8.3.4, which could allow...
Moderate, Unreviewed. CVE-2025-1776 was published on Feb 28, 2025

wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app...
Moderate, Unreviewed. CVE-2025-25916 was published on Feb 28, 2025

Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. This vulnerability allows...
Moderate, Unreviewed. CVE-2025-1746 was published on Feb 28, 2025

HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could...
Moderate, Unreviewed. CVE-2025-1748 was published on Feb 28, 2025

HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could...
Moderate, Unreviewed. CVE-2025-1747 was published on Feb 28, 2025

The application or its infrastructure allows for IP address spoofing by providing its own value...
Moderate, Unreviewed. CVE-2025-22271 was published on Feb 28, 2025

The Site Mailer – SMTP Replacement, Email API Deliverability & Email Log plugin for WordPress is...
Moderate, Unreviewed. CVE-2025-1319 was published on Feb 28, 2025

The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to...
Moderate, Unreviewed. CVE-2024-10860 was published on Feb 28, 2025

The user input was not sanitized on Reporting Hierarchy Management page of Foreseer Reporting...
Moderate, Unreviewed. CVE-2025-22491 was published on Feb 28, 2025

The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all...
Moderate, Unreviewed. CVE-2025-1662 was published on Feb 28, 2025

The connection string visible to users with access to FRSCore database on Foreseer Reporting...
Moderate, Unreviewed. CVE-2025-22492 was published on Feb 28, 2025

The WOW Entrance Effects (WEE!) plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate, Unreviewed. CVE-2025-1560 was published on Feb 28, 2025

The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL...
Moderate, Unreviewed. CVE-2025-1572 was published on Feb 28, 2025

The Order Attachments for WooCommerce plugin for WordPress is vulnerable to Sensitive Information...
Moderate, Unreviewed. CVE-2024-13638 was published on Feb 28, 2025
ProTip! Advisories are also available from the GraphQL API