Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

361 advisories

Loading
Gogs vulnerable to Cross-site Scripting Critical
CVE-2022-32174 was published for gogs.io/gogs (Go) Oct 11, 2022
The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted... Critical Unreviewed
CVE-2024-4180 was published Jun 4, 2024
Argo CD allows cross-site scripting on repositories page Critical
CVE-2025-47933 was published for github.com/argoproj/argo-cd (Go) May 28, 2025
Ry0taK crenshaw-dev
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because... Critical Unreviewed
CVE-2023-50982 was published Jan 8, 2024
Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to... Critical Unreviewed
CVE-2025-44148 was published Jun 3, 2025
An arbitrary file upload vulnerability in the component /admin/file_manage_control of DedeBIZ v6... Critical Unreviewed
CVE-2024-52770 was published Nov 20, 2024
Magneto contains stored XSS vulnerability Critical
CVE-2025-47110 was published for magento/community-edition (Composer) Jun 10, 2025
lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cross-site scripting (XSS). An... Critical Unreviewed
CVE-2025-4779 was published Jul 7, 2025
Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the... Critical Unreviewed
CVE-2025-53599 was published Jul 4, 2025
User-controlled inputs are improperly escaped in: * VotePage.php (poll option input) ... Critical Unreviewed
CVE-2025-53484 was published Jul 4, 2025
In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an... Critical Unreviewed
CVE-2024-44081 was published Oct 30, 2024
XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax Critical
CVE-2025-53835 was published for org.xwiki.rendering:xwiki-rendering-syntax-xhtml (Maven) Jul 14, 2025
pyLoad vulnerable to XSS through insecure CAPTCHA Critical
CVE-2025-53890 was published for pyload-ng (pip) Jul 15, 2025
odaysec
Liferay Portal and Liferay DXP Vulnerable to XSS via the OAuth2ProviderApplicationRedirect Class Critical
CVE-2023-44311 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to XSS via the Page Tree Menu Critical
CVE-2023-44310 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2... Critical Unreviewed
CVE-2020-26799 was published Jul 21, 2025
A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter... Critical Unreviewed
CVE-2025-41420 was published Jul 24, 2025
A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId... Critical Unreviewed
CVE-2025-46410 was published Jul 24, 2025
A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter... Critical Unreviewed
CVE-2025-50128 was published Jul 24, 2025
A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality... Critical Unreviewed
CVE-2025-53084 was published Jul 24, 2025
Cross Site Scripting vulnerability in grav v.1.7.48 and before allows an attacker to execute... Critical Unreviewed
CVE-2025-46199 was published Jul 25, 2025
A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered. Critical Unreviewed
CVE-2025-54298 was published Jul 28, 2025
A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for... Critical Unreviewed
CVE-2025-54299 was published Jul 28, 2025
Liferay Portal and Liferay DXP Vulnerable to XSS in the Wiki Widget Critical
CVE-2023-42628 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to XSS in the Commerce Module Critical
CVE-2023-42627 was published for com.liferay.commerce:com.liferay.commerce.address.content.web (Maven) Oct 17, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database