GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 45
Go: 3,185
Maven: 5,000+
npm: 5,000+
NuGet: 864
pip: 4,476
Pub: 12
RubyGems: 992
Rust: 1,185
Swift: 51

Unreviewed advisories
All unreviewed: 5,000+
35,288 advisories
HTML Injection can be carried out in Product when a web application does not properly check or...
Moderate | Unreviewed | CVE-2025-62320 was published Mar 17, 2026

Admidio has an HTMLPurifier Bypass in eCard Message Allows HTML Email Injection
Moderate | CVE-2026-32757 was published for admidio/admidio (Composer) Mar 16, 2026

SiYuan Vulnerable to Remote Code Execution via Malicious Bazaar Package — Marketplace XSS
Moderate | GHSA-v3mg-9v85-fcm7 was published for siyuan (Go) Mar 16, 2026

SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface
Moderate | CVE-2026-32751 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 16, 2026

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting...
Moderate | Unreviewed | CVE-2026-29520 was published Mar 16, 2026

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting...
Moderate | Unreviewed | CVE-2026-29513 was published Mar 16, 2026

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting...
Moderate | Unreviewed | CVE-2026-29510 was published Mar 16, 2026

An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of...
Moderate | Unreviewed | CVE-2025-65734 was published Mar 16, 2026

Cross Site scripting vulnerability (XSS) in NetBox 4.3.5 "comment" field on object forms. An...
Moderate | Unreviewed | CVE-2025-57543 was published Mar 16, 2026

LeafKit's HTML escaping may be skipped for Collection values, enabling XSS
Moderate | CVE-2026-28499 was published for leaf-kit (Swift) Mar 16, 2026

Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security (On-Prem)...
Moderate | Unreviewed | CVE-2025-2274 was published Mar 16, 2026

A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown...
Moderate | Unreviewed | CVE-2026-4225 was published Mar 16, 2026

A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown...
Moderate | Unreviewed | CVE-2026-4186 was published Mar 16, 2026

A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function...
Moderate | Unreviewed | CVE-2026-4169 was published Mar 16, 2026

A vulnerability has been found in Worksuite HR, CRM and Project Management up to 5.5.25. The...
Moderate | Unreviewed | CVE-2026-4165 was published Mar 16, 2026

A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function...
Moderate | Unreviewed | CVE-2026-4166 was published Mar 16, 2026

A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the...
Moderate | Unreviewed | CVE-2026-4168 was published Mar 16, 2026

A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an...
Moderate | Unreviewed | CVE-2026-4175 was published Mar 16, 2026

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext...
Moderate | Unreviewed | CVE-2026-32774 was published Mar 16, 2026

Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma web application, specifically in...
Moderate | Unreviewed | CVE-2026-3024 was published Mar 16, 2026

Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An...
Moderate | Unreviewed | CVE-2025-69245 was published Mar 16, 2026

Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting...
Moderate | Unreviewed | CVE-2017-20219 was published Mar 16, 2026

Raytha CMS is vulnerable to Stored XSS via FieldValues[0].Value parameter in page creation...
Moderate | Unreviewed | CVE-2025-69237 was published Mar 16, 2026

Raytha CMS is vulnerable to Stored XSS via FieldValues[1].Value parameter in post editing...
Moderate | Unreviewed | CVE-2025-69236 was published Mar 16, 2026

Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft...
Moderate | Unreviewed | CVE-2025-69242 was published Mar 16, 2026

ProTip! Advisories are also available from the GraphQL API.