Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

136,799 advisories

Loading
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-8360 was published Sep 6, 2025
The Html Social share buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-9849 was published Sep 6, 2025
The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2025-9853 was published Sep 6, 2025
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin... Moderate Unreviewed
CVE-2025-10003 was published Sep 6, 2025
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is... Moderate Unreviewed
CVE-2025-6067 was published Sep 6, 2025
A vulnerability was determined in itsourcecode POS Point of Sale System 1.0. Affected by this... Moderate Unreviewed
CVE-2025-10027 was published Sep 6, 2025
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to... Moderate Unreviewed
CVE-2025-53791 was published Sep 5, 2025
MongoDB Server may allow upsert operations retried within a transaction to violate unique index... Moderate Unreviewed
CVE-2025-10060 was published Sep 5, 2025
A vulnerability was found in itsourcecode POS Point of Sale System 1.0. Affected by this... Moderate Unreviewed
CVE-2025-10026 was published Sep 5, 2025
A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in... Moderate Unreviewed
CVE-2025-10044 was published Sep 5, 2025
An authorized user can cause a crash in the MongoDB Server through a specially crafted $group... Moderate Unreviewed
CVE-2025-10061 was published Sep 5, 2025
An improper setting of the lsid field on any sharded query can cause a crash in MongoDB routers.... Moderate Unreviewed
CVE-2025-10059 was published Sep 5, 2025
A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an... Moderate Unreviewed
CVE-2025-10025 was published Sep 5, 2025
The Biagiotti Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-9057 was published Sep 5, 2025
An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows. An attacker can achieve... Moderate Unreviewed
CVE-2025-32098 was published Sep 5, 2025
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980,... Moderate Unreviewed
CVE-2025-32100 was published Sep 5, 2025
A vulnerability was detected in O2OA up to 10.0-410. Affected is an unknown function of the file ... Moderate Unreviewed
CVE-2025-9737 was published Sep 5, 2025
A vulnerability has been found in Khanakag-17 Library Management System up to... Moderate Unreviewed
CVE-2025-9755 was published Sep 5, 2025
A security vulnerability has been detected in givanz Vvveb 1.0.7.2. This affects an unknown part... Moderate Unreviewed
CVE-2025-9728 was published Sep 5, 2025
A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the... Moderate Unreviewed
CVE-2025-9735 was published Sep 5, 2025
A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown... Moderate Unreviewed
CVE-2025-9736 was published Sep 5, 2025
xgrammar vulnerable to denial of service by huge enum grammar Moderate
CVE-2025-58446 was published for xgrammar (pip) Sep 5, 2025
xendo
secrets-store-sync-controller discloses service account tokens in logs Moderate
CVE-2025-7445 was published for sigs.k8s.io/secrets-store-sync-controller (Go) Sep 5, 2025
FS2 half-shutdown of socket during TLS handshake may result in spin loop on opposite side Moderate
CVE-2025-58369 was published for co.fs2:fs2-io_0.26 (Maven) Sep 5, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-48103 was published Sep 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database