Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,638
Erlang
34
GitHub Actions
26
Go
2,249
Maven
5,000+
npm
3,903
NuGet
702
pip
3,671
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

29,548 advisories

Loading
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-3458 was published Apr 22, 2025
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... Moderate Unreviewed
CVE-2025-3457 was published Apr 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46228 was published Apr 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46250 was published Apr 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46237 was published Apr 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46239 was published Apr 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46236 was published Apr 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46235 was published Apr 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46229 was published Apr 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46240 was published Apr 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46233 was published Apr 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46238 was published Apr 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46254 was published Apr 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46253 was published Apr 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46227 was published Apr 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46226 was published Apr 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-46225 was published Apr 22, 2025
The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-2839 was published Apr 22, 2025
The Tax Switch for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-3814 was published Apr 22, 2025
A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute... Moderate Unreviewed
CVE-2025-28102 was published Apr 21, 2025
Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux... Moderate Unreviewed
CVE-2024-12863 was published Apr 21, 2025
code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) in... Moderate Unreviewed
CVE-2025-28121 was published Apr 21, 2025
OpenCMS cross-site scripting (XSS) vulnerability Moderate
CVE-2024-41446 was published for org.opencms:opencms-core (Maven) Apr 21, 2025
The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The... Moderate Unreviewed
CVE-2020-36844 was published Apr 21, 2025
QMarkdown Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-43954 was published for @quasar/quasar-ui-qmarkdown (npm) Apr 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database