GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,717
Maven: 5,000+
npm: 4,328
NuGet: 761
pip: 4,105
Pub: 12
RubyGems: 958
Rust: 1,065
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
144,533 advisories
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore...
Moderate
Unreviewed
CVE-2025-32898
was published
Dec 5, 2025
In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could...
Moderate
Unreviewed
CVE-2025-32901
was published
Dec 5, 2025
In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices...
Moderate
Unreviewed
CVE-2025-32899
was published
Dec 5, 2025
The SurveyFunnel – Survey Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross...
Moderate
Unreviewed
CVE-2025-12417
was published
Dec 5, 2025
A flaw exists in the verification of application installation sources within ColorOS. Under...
Moderate
Unreviewed
CVE-2025-27389
was published
Dec 5, 2025
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an...
Moderate
Unreviewed
CVE-2025-62223
was published
Dec 5, 2025
The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2025-11759
was published
Dec 5, 2025
The Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate
Unreviewed
CVE-2025-12804
was published
Dec 5, 2025
A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected by this...
Moderate
Unreviewed
CVE-2025-14052
was published
Dec 5, 2025
Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth...
Moderate
Unreviewed
CVE-2025-65900
was published
Dec 5, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-6946
was published
Dec 5, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-13938
was published
Dec 5, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-13936
was published
Dec 5, 2025
An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an...
Moderate
Unreviewed
CVE-2025-13940
was published
Dec 5, 2025
The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non...
Moderate
Unreviewed
CVE-2025-1910
was published
Dec 5, 2025
When a WF200/WGM160P device is configured to operate as an Access Point, it may be vulnerable to...
Moderate
Unreviewed
CVE-2025-12986
was published
Dec 5, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-13939
was published
Dec 5, 2025
A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById...
Moderate
Unreviewed
CVE-2025-14051
was published
Dec 5, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-13937
was published
Dec 5, 2025
Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows...
Moderate
Unreviewed
CVE-2025-66572
was published
Dec 4, 2025
TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the `Open...
Moderate
Unreviewed
CVE-2025-66574
was published
Dec 4, 2025
Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that...
Moderate
Unreviewed
CVE-2025-66573
was published
Dec 4, 2025
WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process...
Moderate
Unreviewed
CVE-2023-53735
was published
Dec 4, 2025
Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.
Moderate
Unreviewed
CVE-2025-63499
was published
Dec 4, 2025
Medtronic CareLink Network allows a local attacker with access to log files on an internal API...
Moderate
Unreviewed
CVE-2025-12996
was published
Dec 4, 2025
ProTip! Advisories are also available from the GraphQL API.