GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 25,028
Composer 5,080
Erlang 39
GitHub Actions 38
Go 2,750
Maven 6,169
npm 4,353
NuGet 765
pip 4,114
Pub 12
RubyGems 960
Rust 1,069
Swift 45

Unreviewed advisories

All unreviewed 280,497

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

145,439 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-53994 was published Jul 16, 2025

Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications Moderate

CVE-2024-10031 was published for org.glassfish.main.admingui:console-common (Maven) Jul 16, 2025

Eclipse GlassFish is vulnerable to Reflected XSS attacks through its Administration Console Moderate

CVE-2024-10029 was published for org.glassfish.main.admingui:console-cluster-plugin (Maven) Jul 16, 2025

Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console Moderate

CVE-2024-10032 was published for org.glassfish.main.admingui:console-cluster-plugin (Maven) Jul 16, 2025

Missing Authorization vulnerability in Bill Minozzi Stop and Block bots plugin Anti bots allows... Moderate Unreviewed

CVE-2025-48166 was published Jul 16, 2025

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2025-7035 was published Jul 16, 2025

Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts Moderate

CVE-2024-9342 was published for org.glassfish.main.admingui:console-common (Maven) Jul 16, 2025

Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console Moderate

CVE-2024-9343 was published for org.glassfish.main.admingui:console-common (Maven) Jul 16, 2025

Missing Authorization vulnerability in enituretechnology Residential Address Detection allows... Moderate Unreviewed

CVE-2025-48155 was published Jul 16, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-48156 was published Jul 16, 2025

Missing Authorization vulnerability in Bill Minozzi Real Estate Property 2024 Create Your Own... Moderate Unreviewed

CVE-2025-48150 was published Jul 16, 2025

Stored Cross-Site Scripting (XSS) vulnerability in Pharmacy POS PHP Script. This vulnerability... Moderate Unreviewed

CVE-2025-40724 was published Jul 16, 2025

The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, &... Moderate Unreviewed

CVE-2025-5284 was published Jul 16, 2025

Reactor Netty HTTP is vulnerable to credential leaks during chained redirects Moderate

CVE-2025-22227 was published for io.projectreactor.netty:reactor-netty-http (Maven) Jul 16, 2025

Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the... Moderate Unreviewed

CVE-2025-27465 was published Jul 16, 2025

Authentication vulnerability in the mobile application（tech.palm.id）may lead to the risk of... Moderate Unreviewed

CVE-2025-7703 was published Jul 16, 2025

The Brandfolder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’... Moderate Unreviewed

CVE-2025-5843 was published Jul 16, 2025

The Affiliate Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2025-5845 was published Jul 16, 2025

The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2025-6747 was published Jul 16, 2025

Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN... Moderate Unreviewed

CVE-2025-53842 was published Jul 16, 2025

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2025-6977 was published Jul 16, 2025

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for... Moderate Unreviewed

CVE-2025-2799 was published Jul 16, 2025

An incorrect authorization vulnerability allowed unauthorized read access to the contents of... Moderate Unreviewed

CVE-2025-6981 was published Jul 15, 2025

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ... Moderate Unreviewed

CVE-2025-53025 was published Jul 15, 2025

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ... Moderate Unreviewed

CVE-2025-53026 was published Jul 15, 2025

Previous 1…399400 Next

Previous 1 2 … 396 397 398 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

145,439 advisories