GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,508
Composer 4,968
Erlang 39
GitHub Actions 38
Go 2,615
Maven 6,100
npm 4,255
NuGet 760
pip 4,038
Pub 12
RubyGems 953
Rust 1,049
Swift 45

Unreviewed advisories

All unreviewed 275,722

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

217 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability... Critical Unreviewed

CVE-2025-53883 was published Oct 30, 2025

Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised... High Unreviewed

CVE-2025-39663 was published Oct 30, 2025

IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker... Moderate Unreviewed

CVE-2025-36121 was published Oct 27, 2025

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed

CVE-2025-62936 was published Oct 27, 2025

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed

CVE-2025-62897 was published Oct 27, 2025

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution... Moderate Unreviewed

CVE-2025-11823 was published Oct 25, 2025

The Multi Item Responsive Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed

CVE-2025-11992 was published Oct 24, 2025

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed

CVE-2025-58970 was published Oct 22, 2025

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2025-11161 was published Oct 15, 2025

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2025-11160 was published Oct 15, 2025

HCL Unica MaxAI Assistant is susceptible to a HTML injection vulnerability. An attacker could... Moderate Unreviewed

CVE-2025-31992 was published Oct 12, 2025

The Cookie Notice & Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... High Unreviewed

CVE-2025-10496 was published Oct 9, 2025

A vulnerability in HCL HCL MyXalytics allows HTML InjectionThis issue affects HCL MyXalytics: 6.6. Moderate Unreviewed

CVE-2025-52654 was published Oct 3, 2025

The Yoast SEO Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting in... Moderate Unreviewed

CVE-2025-11241 was published Oct 3, 2025

The Eulerpool Research Systems plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed

CVE-2025-10128 was published Sep 30, 2025

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed

CVE-2025-60100 was published Sep 26, 2025

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed

CVE-2025-59573 was published Sep 22, 2025

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed

CVE-2025-57928 was published Sep 22, 2025

The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2025-10125 was published Sep 17, 2025

A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco... Moderate Unreviewed

CVE-2025-20342 was published Aug 27, 2025

The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed

CVE-2025-6247 was published Aug 26, 2025

HTML injection vulnerability in the registration interface in Evolution Consulting Kft. HRmaster... High Unreviewed

CVE-2025-51989 was published Aug 21, 2025

In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature Moderate Unreviewed

CVE-2025-57730 was published Aug 20, 2025

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed

CVE-2025-54698 was published Aug 14, 2025

The Mosaic Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘c... Moderate Unreviewed

CVE-2025-8621 was published Aug 12, 2025

Previous1…9 Next

Previous 1 2 3 4 5 … 8 9 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

217 advisories