GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,968
Erlang: 39
GitHub Actions: 38
Go: 2,615
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,038
Pub: 12
RubyGems: 953
Rust: 1,049
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
300,230 advisories
OpenMage vulnerable to XSS in Admin Notifications
Moderate | CVE-2025-64174 was published for openmage/magento-lts (Composer) | Nov 3, 2025
MantisBT unauthorized disclosure of private project column configuration
Moderate | CVE-2025-62520 was published for mantisbt/mantisbt (Composer) | Nov 3, 2025
MantisBT lacks verification when changing a user's email address
Moderate | CVE-2025-55155 was published for mantisbt/mantisbt (Composer) | Nov 3, 2025
Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php.
Moderate | Unreviewed | CVE-2025-63450 was published | Nov 3, 2025
A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54...
Unknown | Unreviewed | CVE-2025-60785 was published | Nov 3, 2025
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php.
Unknown | Unreviewed | CVE-2025-63453 was published | Nov 3, 2025
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php.
Critical | Unreviewed | CVE-2025-63451 was published | Nov 3, 2025
The Metro Development Server, which is opened by the React Native CLI, binds to external...
Critical | Unreviewed | CVE-2025-11953 was published | Nov 3, 2025
Open Source Social Network (OSSN) 8.6 is vulnerable to Cross Site Scripting (XSS) via the...
Unknown | Unreviewed | CVE-2025-63441 was published | Nov 3, 2025
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php.
Moderate | Unreviewed | CVE-2025-63446 was published | Nov 3, 2025
IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8...
High | Unreviewed | CVE-2025-10280 was published | Nov 3, 2025
An unauthenticated SQL Injection was discovered within the Geutebruck G-Cam E-Series Cameras...
Critical | Unreviewed | CVE-2025-12463 was published | Nov 3, 2025
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php.
Unknown | Unreviewed | CVE-2025-63452 was published | Nov 3, 2025
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1.
Moderate | Unreviewed | CVE-2025-63448 was published | Nov 3, 2025
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php.
Moderate | Unreviewed | CVE-2025-63447 was published | Nov 3, 2025
Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in /maid...
Unknown | Unreviewed | CVE-2025-50363 was published | Nov 3, 2025
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn...
Unknown | Unreviewed | CVE-2025-45959 was published | Nov 3, 2025
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php.
Moderate | Unreviewed | CVE-2025-63449 was published | Nov 3, 2025
A cross-site scripting (XSS) vulnerability exists in the administrative interface of...
High | Unreviewed | CVE-2025-60503 was published | Nov 3, 2025
A potential security vulnerability has been identified in the HP Client Management Script Library...
High | Unreviewed | CVE-2025-11761 was published | Nov 3, 2025
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated...
Moderate | Unreviewed | CVE-2025-36092 was published | Nov 3, 2025
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to...
Moderate | Unreviewed | CVE-2025-36093 was published | Nov 3, 2025
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated...
Moderate | Unreviewed | CVE-2025-36091 was published | Nov 3, 2025
MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length
Moderate | CVE-2025-46556 was published for mantisbt/mantisbt (Composer) | Nov 3, 2025
MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling
High | CVE-2025-47776 was published for mantisbt/mantisbt (Composer) | Nov 3, 2025
ProTip! Advisories are also available from the GraphQL API.