Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,669
Erlang
34
GitHub Actions
26
Go
2,261
Maven
5,000+
npm
3,910
NuGet
704
pip
3,681
Pub
12
RubyGems
916
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

98,941 advisories

Loading
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-39397 was published Apr 24, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-39384 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-39408 was published Apr 24, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-39360 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-39400 was published Apr 24, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-39399 was published Apr 24, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-39387 was published Apr 24, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-39378 was published Apr 24, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-39391 was published Apr 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-39382 was published Apr 24, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-39359 was published Apr 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This... High Unreviewed
CVE-2025-39381 was published Apr 24, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-32921 was published Apr 24, 2025
Due to missing authorization an unauthenticated remote attacker can cause a DoS attack by... High Unreviewed
CVE-2021-47662 was published Apr 24, 2025
Due to improper JSON Web Tokens implementation an unauthenticated remote attacker can guess a... High Unreviewed
CVE-2021-47663 was published Apr 24, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-3872 was published Apr 24, 2025
An issue has been discovered in GitLab EE/CE that could allow an attacker to track users'... High Unreviewed
CVE-2025-1908 was published Apr 24, 2025
The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all... High Unreviewed
CVE-2025-3101 was published Apr 24, 2025
The Xelion Webchat plugin for WordPress is vulnerable to unauthorized modification of data that... High Unreviewed
CVE-2025-3058 was published Apr 24, 2025
The WPMasterToolKit (WPMTK) – All in one plugin plugin for WordPress is vulnerable to Directory... High Unreviewed
CVE-2025-3300 was published Apr 24, 2025
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege... High Unreviewed
CVE-2025-3607 was published Apr 24, 2025
The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code... High Unreviewed
CVE-2025-3776 was published Apr 24, 2025
The My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to Privilege... High Unreviewed
CVE-2025-3761 was published Apr 24, 2025
The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to... High Unreviewed
CVE-2025-2558 was published Apr 24, 2025
Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user... High Unreviewed
CVE-2025-1976 was published Apr 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database