Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

239 advisories

Loading
Decap CMS Cross Site Scripting (XSS) vulnerability Low
CVE-2025-57520 was published for decap-cms (npm) Sep 10, 2025
jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin Low
CVE-2025-9910 was published for jsondiffpatch (npm) Sep 11, 2025
Liferay Portal is vulnerable to XSS attack through its Style Book theme Low
CVE-2025-43774 was published for com.liferay:com.liferay.frontend.taglib.clay (Maven) Sep 9, 2025
CKEditor 5 cross-site scripting (XSS) vulnerability in the clipboard package Low
CVE-2025-58064 was published for @ckeditor/ckeditor5-clipboard (npm) Sep 3, 2025
Liferay Portal Reflected Cross-Site Scripting Vulnerability via Form Container Low
CVE-2025-43753 was published for com.liferay:com.liferay.layout.taglib (Maven) Aug 22, 2025
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js Low
CVE-2025-9096 was published for express-gateway (npm) Aug 18, 2025
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js Low
CVE-2025-9095 was published for express-gateway (npm) Aug 18, 2025
Liferay Portal Vulnerable to Cross-Site Scripting Low
CVE-2025-43733 was published for com.liferay:com.liferay.layout.taglib (Maven) Aug 18, 2025
ember-source Cross-site Scripting vulnerability Low
CVE-2014-0046 was published for ember-source (RubyGems) Aug 28, 2018
tdunlap607 anlakii
Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page Low
CVE-2025-8573 was published for concrete5/concrete5 (Composer) Aug 6, 2025
Microweber Has Stored XSS Vulnerability in User Profile Fields Low
CVE-2025-51503 was published for microweber/microweber (Composer) Jul 31, 2025
Microweber vulnerable to XSS attack due to insure `group` component in its Settings handler Low
CVE-2025-2214 was published for microweber/microweber (Composer) Mar 12, 2025
teler dashboard vulnerable to DOM-based cross-site scripting (XSS) Low
CVE-2022-23466 was published for teler.app (Go) Dec 6, 2022
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports Low
CVE-2023-40030 was published for cargo (Rust) Aug 24, 2023
pietroalbini cuviper
remkop22 ehuss weihanglo Manishearth iusx
Alkacon OpenCMS XSS via New User module Low
CVE-2019-11818 was published for org.opencms:opencms-core (Maven) May 24, 2022
Alkacon OpenCMS XSS via title and requestedResource parameters Low
CVE-2013-4600 was published for org.opencms:opencms-core (Maven) May 17, 2022
Alkacon OpenCMS XSS via homelink, workplaceresource, mode and query parameters Low
CVE-2015-2351 was published for org.opencms:opencms-core (Maven) May 14, 2022
Alkacon OpenCMS XSS via searchfilter parameter in system/workplace/admin/workplace/sessions.jsp Low
CVE-2008-1753 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon OpenCMS XSS via searchfilter or listSearchFilter parameter Low
CVE-2008-1510 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon Open CMS XSS via Logfile Viewer Settings function Low
CVE-2008-1300 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon OpenCMS XSS via file tree navigation in system/workplace/views/explorer/tree_files.jsp Low
CVE-2008-1045 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon OpenCms XSS via query parameter in a search action Low
CVE-2006-2571 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon OpenCms XSS via unsanitized message body Low
CVE-2006-3933 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon OpenCms XSS via username during login Low
CVE-2005-4294 was published for org.opencms:opencms-core (Maven) May 1, 2022
The Backup Plus extension for TYPO3 (ns_backup) allows XSS Low
CVE-2025-48206 was published for nitsan/ns-backup (Composer) May 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database