GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
38,639 advisories
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)...
Moderate | Unreviewed | CVE-2025-34260 was published Dec 5, 2025

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)...
Moderate | Unreviewed | CVE-2025-34258 was published Dec 5, 2025

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)...
Moderate | Unreviewed | CVE-2025-34257 was published Dec 5, 2025

Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.
Moderate | Unreviewed | CVE-2025-63499 was published Dec 4, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-25599 was published Mar 28, 2024

Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting (XSS)...
High | Unreviewed | CVE-2025-12848 was published Nov 26, 2025

Mattermost Server is vulnerable to XSS through author_link field in Slack attachments
Moderate | CVE-2017-18879 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022

Mattermost Server is vulnerable to XSS attacks against an OAuth 2.0 allow/deny page
Moderate | CVE-2017-18877 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022

The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2025-13678 was published Dec 5, 2025

The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ...
Moderate | Unreviewed | CVE-2025-13739 was published Dec 5, 2025

The Trail Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin...
Moderate | Unreviewed | CVE-2025-13682 was published Dec 5, 2025

The Cool Tag Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
High | Unreviewed | CVE-2025-13614 was published Dec 5, 2025

The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via...
Moderate | Unreviewed | CVE-2025-13515 was published Dec 5, 2025

The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin...
Moderate | Unreviewed | CVE-2025-12186 was published Dec 5, 2025

The Easy Jump Links Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate | Unreviewed | CVE-2025-13860 was published Dec 5, 2025

The Jabbernotification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via...
Moderate | Unreviewed | CVE-2025-13622 was published Dec 5, 2025

The FitVids for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate | Unreviewed | CVE-2025-12124 was published Dec 5, 2025

The PDF Catalog for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2025-12191 was published Dec 5, 2025

The Sermon Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2025-12368 was published Dec 5, 2025

The SurveyFunnel – Survey Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross...
Moderate | Unreviewed | CVE-2025-12417 was published Dec 5, 2025

The CoSign Single Signon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via...
Moderate | Unreviewed | CVE-2025-13512 was published Dec 5, 2025

The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate | Unreviewed | CVE-2025-13625 was published Dec 5, 2025

The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2025-13623 was published Dec 5, 2025

The Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2025-12804 was published Dec 5, 2025

Open WebUI Vulnerable to Stored DOM XSS via Note 'Download PDF'
High | CVE-2025-65959 was published for open-webui (npm) Dec 4, 2025