Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

129,468 advisories

Loading
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-11937 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-62671 was published Oct 18, 2025
The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is... Moderate Unreviewed
CVE-2025-11378 was published Oct 18, 2025
The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in... Moderate Unreviewed
CVE-2020-36854 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-62665 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-62662 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-62670 was published Oct 18, 2025
Allocation of Resources Without Limits or Throttling vulnerability in The Wikimedia Foundation... Moderate Unreviewed
CVE-2025-62666 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-62663 was published Oct 18, 2025
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia... Moderate Unreviewed
CVE-2025-62669 was published Oct 18, 2025
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for... Moderate Unreviewed
CVE-2025-11361 was published Oct 18, 2025
The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access... Moderate Unreviewed
CVE-2025-11742 was published Oct 18, 2025
The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all... Moderate Unreviewed
CVE-2025-11738 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-62664 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-62667 was published Oct 18, 2025
The XX2WP Integration Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-11857 was published Oct 18, 2025
Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki -... Moderate Unreviewed
CVE-2025-62668 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-62652 was published Oct 18, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client... Moderate Unreviewed
CVE-2025-62649 was published Oct 17, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not... Moderate Unreviewed
CVE-2025-62651 was published Oct 17, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote... Moderate Unreviewed
CVE-2025-62646 was published Oct 17, 2025
A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40.... Moderate Unreviewed
CVE-2025-11910 was published Oct 17, 2025
A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this... Moderate Unreviewed
CVE-2025-11914 was published Oct 17, 2025
A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by... Moderate Unreviewed
CVE-2025-11913 was published Oct 17, 2025
A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the... Moderate Unreviewed
CVE-2025-11912 was published Oct 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database