GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
3,054 advisories
The Easy Email Subscription plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
High | Unreviewed | CVE-2025-11994 was published Nov 12, 2025

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High | Unreviewed | CVE-2025-11962 was published Nov 12, 2025

Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE
High | CVE-2025-64495 was published for open-webui (npm) Nov 7, 2025

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics...
High | Unreviewed | CVE-2025-62211 was published Nov 11, 2025

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics...
High | Unreviewed | CVE-2025-62210 was published Nov 11, 2025

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored...
High | Unreviewed | CVE-2025-7430 was published Nov 11, 2025

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored...
High | Unreviewed | CVE-2025-7632 was published Nov 11, 2025

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored...
High | Unreviewed | CVE-2025-7633 was published Nov 11, 2025

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored...
High | Unreviewed | CVE-2025-7429 was published Nov 11, 2025

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that...
High | Unreviewed | CVE-2025-11892 was published Nov 11, 2025

Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
High | GHSA-vfpf-xmwh-8m65 was published for prosemirror_to_html (RubyGems) Nov 7, 2025 • withdrawn

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-53585 was published Nov 6, 2025

A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. If a...
High | Unreviewed | CVE-2025-54167 was published Nov 7, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-53573 was published Nov 6, 2025

Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
High | GHSA-52c5-vh7f-26fx was published for prosemirror_to_html (RubyGems) Nov 6, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-62036 was published Nov 6, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-62041 was published Nov 6, 2025

Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability. This...
High | Unreviewed | CVE-2025-12486 was published Nov 6, 2025

A reflected XSS vulnerability exists in CMSimple_XH 1.8's index.php router when attacker...
High | Unreviewed | CVE-2025-63589 was published Nov 6, 2025

An unauthenticated reflected cross-site scripting vulnerability in the query handling of...
High | Unreviewed | CVE-2025-63588 was published Nov 6, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-62040 was published Nov 6, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-62031 was published Nov 6, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-54718 was published Nov 6, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-64198 was published Nov 6, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-64224 was published Nov 6, 2025
ProTip! Advisories are also available from the GraphQL API.