Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,923 advisories

Loading
goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter. High Unreviewed
CVE-2023-53155 was published Jul 25, 2025
A Cross-Site Scripting (XSS) vulnerability exists in the OPAC search feature of Koha Library... High Unreviewed
CVE-2025-52360 was published Jul 25, 2025
A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri... High Unreviewed
CVE-2025-36548 was published Jul 24, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18... High Unreviewed
CVE-2025-4700 was published Jul 23, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18... High Unreviewed
CVE-2025-4439 was published Jul 23, 2025
A stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joomla was discovered. High Unreviewed
CVE-2025-54297 was published Jul 23, 2025
A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla was discovered. High Unreviewed
CVE-2025-54296 was published Jul 23, 2025
DuraComm SPM-500 DP-10iN-100-MU is vulnerable to a cross-site scripting attack. This could... High Unreviewed
CVE-2025-41425 was published Jul 23, 2025
NodeJS version of HAX CMS Has Disabled Content Security Policy That Enables Cross-Site Scripting High
CVE-2025-54128 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds
Cadwyn vulnerable to XSS on the docs page High
CVE-2025-53528 was published for cadwyn (pip) Jul 21, 2025
protozeit
Nuxt MDC has an XSS vulnerability in markdown rendering that bypasses HTML filtering High
CVE-2025-54075 was published for @nuxtjs/mdc (npm) Jul 20, 2025
Vozec
agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected... High Unreviewed
CVE-2025-52169 was published Jul 18, 2025
A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged... High Unreviewed
CVE-2025-49486 was published Jul 18, 2025
Grafana is vulnerable to XSS attacks through open redirects and path traversal High
CVE-2025-6023 was published for github.com/grafana/grafana (Go) Jul 18, 2025
Leviton AcquiSuite and Energy Monitoring Hub are susceptible to a cross-site scripting... High Unreviewed
CVE-2025-6185 was published Jul 18, 2025
A cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an... High Unreviewed
CVE-2025-6248 was published Jul 17, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-48291 was published Jul 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-47554 was published Jul 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-31427 was published Jul 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-31072 was published Jul 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-52779 was published Jul 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-52786 was published Jul 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-48345 was published Jul 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-46500 was published Jul 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-49031 was published Jul 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database