GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
38,636 advisories
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate · Unreviewed · CVE-2025-13939 was published on Dec 5, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate · Unreviewed · CVE-2025-13937 was published on Dec 5, 2025
Snipe-IT is vulnerable to stored cross-site scripting
Moderate · CVE-2025-65621 was published for snipe/snipe-it (Composer) on Dec 1, 2025
TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the `Open...
Moderate · Unreviewed · CVE-2025-66574 was published on Dec 4, 2025
Due to a regression introduced in version 3.83.0, a security header is no longer applied to...
Moderate · Unreviewed · CVE-2025-13488 was published on Dec 4, 2025
A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown...
Moderate · Unreviewed · CVE-2025-14013 was published on Dec 4, 2025
WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process...
Moderate · Unreviewed · CVE-2023-53735 was published on Dec 4, 2025
Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26...
Moderate · Unreviewed · CVE-2025-13873 was published on Dec 2, 2025
A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the...
Low · Unreviewed · CVE-2025-14007 was published on Dec 4, 2025
A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. Affected by this vulnerability is...
Moderate · Unreviewed · CVE-2025-14005 was published on Dec 4, 2025
A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this...
Moderate · Unreviewed · CVE-2025-14006 was published on Dec 4, 2025
The Clik stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `...
Moderate · Unreviewed · CVE-2025-13513 was published on Dec 4, 2025
The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto...
High · Unreviewed · CVE-2025-11727 was published on Dec 4, 2025
Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes
High · CVE-2025-66412 was published for @angular/compiler (npm) on Dec 2, 2025
Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0...
Moderate · Unreviewed · CVE-2025-63401 was published on Dec 3, 2025
Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised...
High · Unreviewed · CVE-2025-39663 was published on Oct 30, 2025
Contao is vulnerable to cross-site scripting in templates
Low · CVE-2025-65961 was published for contao/core-bundle (Composer) on Nov 25, 2025
In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar...
Critical · Unreviewed · CVE-2025-65267 was published on Dec 3, 2025
A reflected cross-site scripted (XSS) vulnerability in OpenCode Systems USSD Gateway OC Release:...
Moderate · Unreviewed · CVE-2025-65237 was published on Nov 26, 2025
Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart...
High · Unreviewed · CVE-2025-66258 was published on Nov 26, 2025
A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi endpoint of AVTECH SECURITY...
Moderate · Unreviewed · CVE-2025-57202 was published on Dec 3, 2025
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform...
Low · Unreviewed · CVE-2025-20385 was published on Dec 3, 2025
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP...
Moderate · Unreviewed · CVE-2025-13401 was published on Dec 3, 2025
Grav CMS is vulnerable to Cross Site Scripting (XSS) in the page editor
Moderate · CVE-2025-65186 was published for getgrav/grav (Composer) on Dec 2, 2025
Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors
High · CVE-2025-66468 was published for aimeos/ai-cms-grapesjs (Composer) on Dec 3, 2025