GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,821
Maven: 5,000+
npm: 5,000+
NuGet: 939
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,357
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
158,245 advisories
A reflected cross-site scripting (XSS) vulnerability exists in the downloadZip functionality of...
Moderate | Unreviewed | CVE-2025-53516 was published Jan 20, 2026
Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of...
Moderate | Unreviewed | CVE-2025-41025 was published Jan 20, 2026
Keycloak’s OpenID Connect Dynamic Client Registration feature affected by Server-Side Request Forgery (SSRF)
Moderate | CVE-2026-1180 was published for org.keycloak:keycloak-adapter-core (Maven) Jan 20, 2026
HTML injection vulnerability in multiple Botble products such as TransP, Athena, Martfury, and...
Moderate | Unreviewed | CVE-2026-1183 was published Jan 20, 2026
Reflected Cross-Site Scripting (XSS) vulnerability in IsMyGym by Zuinq Studio. This vulnerability...
Moderate | Unreviewed | CVE-2025-41081 was published Jan 20, 2026
Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of...
Moderate | Unreviewed | CVE-2025-41024 was published Jan 20, 2026
Reflected Cross-Site Scripting (XSS) vulnerability in Riftzilla's QRGen. This vulnerability...
Moderate | Unreviewed | CVE-2025-40644 was published Jan 20, 2026
dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability...
Moderate | Unreviewed | CVE-2025-14369 was published Jan 20, 2026
Stored Cross-Site Scripting (XSS) vulnerability in Sesame web application, due to the fact that...
Moderate | Unreviewed | CVE-2025-41084 was published Jan 20, 2026
HTML Injection vulnerability in Isshue by Bdtask, consisting of an HTML injection due to a...
Moderate | Unreviewed | CVE-2025-40679 was published Jan 20, 2026
PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected...
Moderate | Unreviewed | CVE-2026-1223 was published Jan 20, 2026
On an instance of TwinCAT 3 HMI Server running on a device an authenticated administrator can...
Moderate | Unreviewed | CVE-2025-41768 was published Jan 20, 2026
URL parameters are directly embedded into JavaScript code or HTML attributes without proper...
Moderate | Unreviewed | CVE-2025-66523 was published Jan 20, 2026
A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted is the function initRCForm...
Moderate | Unreviewed | CVE-2026-1218 was published Jan 20, 2026
The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin...
Moderate | Unreviewed | CVE-2026-1045 was published Jan 20, 2026
The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without...
Moderate | Unreviewed | CVE-2025-12573 was published Jan 20, 2026
The WP Hello Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2026-1042 was published Jan 20, 2026
Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed...
Moderate | Unreviewed | CVE-2026-0901 was published Jan 20, 2026
The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and...
Moderate | Unreviewed | CVE-2025-14348 was published Jan 20, 2026
The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized...
Moderate | Unreviewed | CVE-2025-14351 was published Jan 20, 2026
The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information...
Moderate | Unreviewed | CVE-2025-14798 was published Jan 20, 2026
A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function...
Moderate | Unreviewed | CVE-2026-1203 was published Jan 20, 2026
A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function...
Moderate | Unreviewed | CVE-2026-1202 was published Jan 20, 2026
The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square,...
Moderate | Unreviewed | CVE-2025-14978 was published Jan 20, 2026
The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross...
Moderate | Unreviewed | CVE-2026-1051 was published Jan 20, 2026
ProTip! Advisories are also available from the GraphQL API.