Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,878 advisories

Loading
Ibexa Admin UI XSS vulnerabilities in back office Moderate
GHSA-5r6x-g6jv-4v87 was published for ibexa/admin-ui (Composer) Jun 13, 2025
Ibexa Admin UI assets XSS vulnerabilities in back office Moderate
GHSA-vhgq-r8gx-5fpv was published for ibexa/admin-ui-assets (Composer) Jun 13, 2025
Ibexa eZ Platform Admin UI assets XSS vulnerabilities in back office Moderate
GHSA-r5rx-53g9-25rj was published for ezsystems/ezplatform-admin-ui-assets (Composer) Jun 13, 2025
Ibexa eZ Platform Admin UI XSS vulnerabilities in back office Moderate
GHSA-r7pm-mw8g-p7px was published for ezsystems/ezplatform-admin-ui (Composer) Jun 13, 2025
starcitizentools/citizen-skin allows stored XSS in user registration date message Moderate
CVE-2025-49578 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev
starcitizentools/citizen-skin allows stored XSS in menu heading message Moderate
CVE-2025-49579 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev
starcitizentools/citizen-skin allows stored XSS in preference menu heading messages Moderate
CVE-2025-49577 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev
starcitizentools/citizen-skin allows stored XSS in search no result messages Moderate
CVE-2025-49576 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev
Citizen skin vulnerable to stored XSS through multiple system messages Moderate
CVE-2025-49575 was published for starcitizentools/citizen-skin (Composer) Jun 11, 2025
SomeMWDev
Drupal Lightgallery Cross-site Scripting vulnerability Moderate
CVE-2025-48447 was published for drupal/lightgallery (Composer) Jun 11, 2025
Magneto contains stored XSS vulnerability Critical
CVE-2025-47110 was published for magento/community-edition (Composer) Jun 10, 2025
Hax CMS Stored Cross-Site Scripting vulnerability High
CVE-2025-49137 was published for elmsln/haxcms (Composer) Jun 9, 2025
lfgberg asareynolds
Laravel Translation Manager Vulnerable to Stored Cross-site Scripting Moderate
CVE-2025-49130 was published for barryvdh/laravel-translation-manager (Composer) Jun 9, 2025
Jenkins Gatling Plugin Vulnerable to Cross-Site Scripting (XSS) High
CVE-2025-5806 was published for org.jenkins-ci.plugins:gatling (Maven) Jun 6, 2025
Gokapi vulnerable to stored XSS via uploading file with malicious file name Moderate
CVE-2025-48494 was published for github.com/forceu/gokapi (Go) Jun 3, 2025
4rdr Forceu
Gokapi has stored XSS vulnerability in friendly name for API keys Moderate
CVE-2025-48495 was published for github.com/forceu/gokapi (Go) Jun 3, 2025
Forceu
WSO2 products vulnerable to Cross-site Scripting Moderate
CVE-2024-8008 was published for org.wso2.carbon.identity.framework:org.wso2.carbon.identity.user.store.configuration.ui (Maven) Jun 2, 2025
juzaweb CMS allows cross-site scripting by uploading an SVG file Moderate
CVE-2025-5420 was published for juzaweb/cms (Composer) Jun 2, 2025
Argo CD allows cross-site scripting on repositories page Critical
CVE-2025-47933 was published for github.com/argoproj/argo-cd (Go) May 28, 2025
Ry0taK crenshaw-dev
Chrome PHP is missing encoding in `CssSelector` Moderate
CVE-2025-48883 was published for chrome-php/chrome (Composer) May 28, 2025
divinity76 GrahamCampbell
enricodias
DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline Moderate
CVE-2025-48378 was published for DotNetNuke.Core (NuGet) May 23, 2025
bdukes david-poindexter
valadas
Reflected Cross-Site Scripting (XSS) in module actions in edit mode Moderate
CVE-2025-48377 was published for DotNetNuke.Core (NuGet) May 23, 2025
bdukes david-poindexter
valadas
Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin High
CVE-2025-4123 was published for github.com/grafana/grafana (Go) May 22, 2025
The Backup Plus extension for TYPO3 (ns_backup) allows XSS Low
CVE-2025-48206 was published for nitsan/ns-backup (Composer) May 21, 2025
[clickstorm] SEO (cs_seo) TYPO3 extension Cross-site Scripting (XSS) vulnerability Moderate
CVE-2025-48203 was published for clickstorm/cs-seo (Composer) May 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database