Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,923 advisories

Loading
Shopware: Reflective Cross Site-Scripting (XSS) in CMS components High
GHSA-9v82-vcjx-m76j was published for shopware/core (Composer) Sep 10, 2025
Webrecorder packages are vulnerable to XSS through 404 error handling logic High
CVE-2025-58765 was published for @webrecorder/archivewebpage (npm) Sep 10, 2025
Dedal0
listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover High
CVE-2025-58430 was published for github.com/knadh/listmonk (Go) Sep 9, 2025
r3verii
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-47694 was published Sep 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-47570 was published Sep 9, 2025
In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject... High Unreviewed
CVE-2025-45805 was published Sep 8, 2025
MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server High
CVE-2025-58444 was published for @modelcontextprotocol/inspector (npm) Sep 8, 2025
N8N's Chat Trigger component is vulnerable to XSS High
CVE-2025-56265 was published for @n8n/n8n-nodes-langchain (npm) Sep 8, 2025
A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify App 1.0 allows a... High Unreviewed
CVE-2025-55998 was published Sep 8, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-53307 was published Sep 5, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-58857 was published Sep 5, 2025
phpgurukul Complaint Management System in PHP 2.0 is vulnerable to Cross Site Scripting (XSS) in... High Unreviewed
CVE-2025-57150 was published Sep 3, 2025
phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin... High Unreviewed
CVE-2025-57151 was published Sep 3, 2025
Cross Site Scripting vulnerability in copyparty v.1.9.1 allows a local attacker to execute... High Unreviewed
CVE-2023-41471 was published Aug 29, 2025
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating... High Unreviewed
CVE-2025-22483 was published Aug 29, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-53289 was published Aug 28, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-53579 was published Aug 28, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-54724 was published Aug 28, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-53223 was published Aug 28, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-53225 was published Aug 28, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-53215 was published Aug 28, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-53220 was published Aug 28, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-49407 was published Aug 28, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-53224 was published Aug 28, 2025
In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in... High Unreviewed
CVE-2025-55618 was published Aug 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database