GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
38,112 advisories
OpenMage vulnerable to XSS in Admin Notifications
Moderate | CVE-2025-64174 was published for openmage/magento-lts (Composer) Nov 3, 2025
Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php.
Moderate | Unreviewed | CVE-2025-63450 was published Nov 3, 2025
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php.
Moderate | Unreviewed | CVE-2025-63446 was published Nov 3, 2025
IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8...
High | Unreviewed | CVE-2025-10280 was published Nov 3, 2025
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1.
Moderate | Unreviewed | CVE-2025-63448 was published Nov 3, 2025
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php.
Moderate | Unreviewed | CVE-2025-63447 was published Nov 3, 2025
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php.
Moderate | Unreviewed | CVE-2025-63449 was published Nov 3, 2025
A cross-site scripting (XSS) vulnerability exists in the administrative interface of...
High | Unreviewed | CVE-2025-60503 was published Nov 3, 2025
Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cross-Site Scripting (XSS) via...
Moderate | Unreviewed | CVE-2025-63442 was published Nov 3, 2025
School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via...
Moderate | Unreviewed | CVE-2025-63443 was published Nov 3, 2025
The kallyas theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the...
Moderate | Unreviewed | CVE-2025-6988 was published Nov 1, 2025
The Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin for WordPress is...
Moderate | Unreviewed | CVE-2025-12090 was published Nov 1, 2025
The Schema Scalpel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post...
Moderate | Unreviewed | CVE-2025-12118 was published Nov 1, 2025
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2025-11502 was published Nov 1, 2025
The Flying Images: Optimize and Lazy Load Images for Faster Page Speed plugin for WordPress is...
Moderate | Unreviewed | CVE-2025-11927 was published Nov 1, 2025
The CSS & JavaScript Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2025-11928 was published Nov 1, 2025
The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event...
High | Unreviewed | CVE-2025-11995 was published Nov 1, 2025
The Inactive Logout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2025-11922 was published Nov 1, 2025
A vulnerability was determined in LogicalDOC Community Edition up to 9.2.1. This affects an...
Moderate | Unreviewed | CVE-2025-12546 was published Oct 31, 2025
ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in...
High | Unreviewed | CVE-2025-62618 was published Oct 31, 2025
Liferay Portal and DXP affected by multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page
Moderate | CVE-2025-62267 was published for com.liferay:com.liferay.dynamic.data.mapping.item.selector.web (Maven) Oct 31, 2025
Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter
Moderate | CVE-2025-62264 was published for com.liferay.portal:release.portal.bom (Maven) Oct 31, 2025
Nagios XI versions prior to < 2024R1.1 is vulnerable to a cross-site scripting (XSS) when a user...
Moderate | Unreviewed | CVE-2024-13992 was published Oct 31, 2025
An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can...
Moderate | Unreviewed | CVE-2025-12460 was published Oct 31, 2025
A reflected cross-site scripting (XSS) vulnerability in BEO GmbH BEO Atlas Einfuhr Ausfuhr 3.0...
Moderate | Unreviewed | CVE-2025-61427 was published Oct 31, 2025
ProTip! Advisories are also available from the GraphQL API.