Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,667
Maven
5,000+
npm
4,295
NuGet
760
pip
4,073
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

373 advisories

Loading
** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat... Critical Unreviewed
CVE-2025-63416 was published Nov 5, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-52734 was published Oct 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-52735 was published Oct 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-52741 was published Oct 22, 2025
Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU... Critical Unreviewed
CVE-2025-12001 was published Oct 21, 2025
Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS)... Critical Unreviewed
CVE-2025-49553 was published Oct 15, 2025
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-59974 was published Oct 9, 2025
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-59978 was published Oct 9, 2025
A cross-site scripting (XSS) vulnerability in the component /app/marketplace.html of Logseq v0.10... Critical Unreviewed
CVE-2025-56683 was published Oct 9, 2025
Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel Critical
CVE-2025-50538 was published for flowise (npm) Oct 3, 2025
mikensec
Credited to mikensec
DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module Critical
CVE-2025-59545 was published for DotNetNuke.Core (NuGet) Sep 23, 2025
bdukes valadas
mitchelsellers
Credited to bdukes, valadas, and mitchelsellers
Scholl Communications AG Weblication CMS Core v019.004.000.000 was discovered to contain a cross... Critical Unreviewed
CVE-2025-52161 was published Sep 8, 2025
An Cross-Site Scripting (XSS) vulnerability in DeepSeek R1 through V3.1 allows a remote attacker... Critical Unreviewed
CVE-2025-26210 was published Sep 3, 2025
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS)... Critical Unreviewed
CVE-2025-34157 was published Aug 27, 2025
Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack... Critical Unreviewed
CVE-2024-12223 was published Aug 20, 2025
Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report... Critical Unreviewed
CVE-2025-50754 was published Aug 4, 2025
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter ... Critical Unreviewed
CVE-2025-44136 was published Jul 29, 2025
A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for... Critical Unreviewed
CVE-2025-54299 was published Jul 28, 2025
A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered. Critical Unreviewed
CVE-2025-54298 was published Jul 28, 2025
Cross Site Scripting vulnerability in grav v.1.7.48 and before allows an attacker to execute... Critical Unreviewed
CVE-2025-46199 was published Jul 25, 2025
A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter... Critical Unreviewed
CVE-2025-50128 was published Jul 24, 2025
A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality... Critical Unreviewed
CVE-2025-53084 was published Jul 24, 2025
A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter... Critical Unreviewed
CVE-2025-41420 was published Jul 24, 2025
A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId... Critical Unreviewed
CVE-2025-46410 was published Jul 24, 2025
A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2... Critical Unreviewed
CVE-2020-26799 was published Jul 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database