Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

376 advisories

Loading
A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter... Critical Unreviewed
CVE-2025-41420 was published Jul 24, 2025
A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality... Critical Unreviewed
CVE-2025-53084 was published Jul 24, 2025
A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2... Critical Unreviewed
CVE-2020-26799 was published Jul 21, 2025
pyLoad vulnerable to XSS through insecure CAPTCHA Critical
CVE-2025-53890 was published for pyload-ng (pip) Jul 15, 2025
odaysec
Credited to odaysec
XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax Critical
CVE-2025-53835 was published for org.xwiki.rendering:xwiki-rendering-syntax-xhtml (Maven) Jul 14, 2025
lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cross-site scripting (XSS). An... Critical Unreviewed
CVE-2025-4779 was published Jul 7, 2025
User-controlled inputs are improperly escaped in: * VotePage.php (poll option input) ... Critical Unreviewed
CVE-2025-53484 was published Jul 4, 2025
Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the... Critical Unreviewed
CVE-2025-53599 was published Jul 4, 2025
A Cross-Site Scripting (XSS) vulnerability has been identified in Psono-Client’s handling of... Critical Unreviewed
CVE-2025-1987 was published Jun 22, 2025
Magneto contains stored XSS vulnerability Critical
CVE-2025-47110 was published for magento/community-edition (Composer) Jun 10, 2025
Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to... Critical Unreviewed
CVE-2025-44148 was published Jun 3, 2025
Argo CD allows cross-site scripting on repositories page Critical
CVE-2025-47933 was published for github.com/argoproj/argo-cd (Go) May 28, 2025
Ry0taK crenshaw-dev
Credited to Ry0taK and crenshaw-dev
Improper Input validation leads to XSS or Cross-site Scripting vulnerability in OpenText Advance... Critical Unreviewed
CVE-2024-10865 was published May 14, 2025
Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS)... Critical Unreviewed
CVE-2025-43567 was published May 13, 2025
org.xwiki.contrib.markdown:syntax-markdown-commonmark12 vulnerable to XSS via Markdown content Critical
CVE-2025-46558 was published for org.xwiki.contrib.markdown:syntax-markdown-commonmark12 (Maven) Apr 30, 2025
Due to lack of server-side input validation, attackers can inject malicious JavaScript code into... Critical Unreviewed
CVE-2025-24297 was published Apr 16, 2025
pgAdmin 4 Vulnerable to Cross-Site Scripting (XSS) via Query Result Rendering Critical
CVE-2025-2946 was published for pgadmin4 (pip) Apr 3, 2025
Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input Critical
CVE-2025-30223 was published for github.com/beego/beego (Go) Mar 31, 2025
thevilledev
Credited to thevilledev
An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the... Critical Unreviewed
CVE-2024-8017 was published Mar 20, 2025
A cross-site scripting (xss) vulnerability exists in the dataset upload functionality of ClearML... Critical Unreviewed
CVE-2024-39272 was published Feb 6, 2025
A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists... Critical Unreviewed
CVE-2024-57428 was published Feb 6, 2025
Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc Critical
CVE-2025-24981 was published for @nuxtjs/mdc (npm) Feb 6, 2025
lirantal
Credited to lirantal
Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting) Critical
GHSA-9x4v-xfq5-m8x5 was published for better-auth (npm) Feb 5, 2025
Eriner
Credited to Eriner
Software installed and run as a non-privileged user may conduct improper GPU system calls to... Critical Unreviewed
CVE-2024-47891 was published Jan 31, 2025
The specific component in Celk Saude 3.1.252.1 that processes user input and returns error... Critical Unreviewed
CVE-2024-48761 was published Jan 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database