Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,942
Erlang
39
GitHub Actions
38
Go
2,599
Maven
5,000+
npm
4,249
NuGet
755
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

91 advisories

Loading
Piranha CMS vulnerable to stored cross-site scripting (XSS) Moderate
CVE-2025-61413 was published for Piranha (NuGet) Oct 23, 2025
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11023 was published for components/jquery (RubyGems) Apr 29, 2020
masatokinugawa klaudialax
Rudloff
Credited to masatokinugawa, klaudialax, and Rudloff
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6531 was published for bootstrap (RubyGems) Jul 11, 2024 withdrawn
alexeyNeklesa-idt metametadata
eoftedal
Credited to alexeyNeklesa-idt, metametadata, and eoftedal
PiranhaCMS stored XSS Moderate
CVE-2025-57692 was published for Piranha (NuGet) Sep 26, 2025
DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile Moderate
CVE-2025-59821 was published for DotNetNuke.Core (NuGet) Sep 23, 2025
bdukes david-poindexter
valadas
Credited to bdukes, david-poindexter, and valadas
DNN Vulnerable to Stored XSS Using Backend Admin Credentials Low
CVE-2025-59546 was published for DotNetNuke.Core (NuGet) Sep 23, 2025
bdukes david-poindexter
valadas
Credited to bdukes, david-poindexter, and valadas
DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module Critical
CVE-2025-59545 was published for DotNetNuke.Core (NuGet) Sep 23, 2025
bdukes valadas
mitchelsellers
Credited to bdukes, valadas, and mitchelsellers
DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field Moderate
CVE-2025-59539 was published for DotNetNuke.Core (NuGet) Sep 22, 2025
bdukes valadas
mitchelsellers
Credited to bdukes, valadas, and mitchelsellers
DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects Moderate
CVE-2025-52486 was published for DNN.PLATFORM (NuGet) Jun 20, 2025
bdukes valadas
Credited to bdukes and valadas
DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed Moderate
CVE-2025-52485 was published for DNN.PLATFORM (NuGet) Jun 20, 2025
bdukes valadas
Credited to bdukes and valadas
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6484 was published for bootstrap (RubyGems) Jul 11, 2024 withdrawn
metametadata
Credited to metametadata
FormCms avatar upload feature has a stored cross-site scripting (XSS) vulnerability Moderate
CVE-2025-56236 was published for FormCMS (NuGet) Aug 28, 2025
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label Moderate
CVE-2022-31160 was published for jQuery.UI.Combined (RubyGems) Jul 18, 2022
Elkano c960657
Borzik
Credited to Elkano, c960657, and Borzik
Reflected Cross-Site Scripting (XSS) in module actions in edit mode Moderate
CVE-2025-48377 was published for DotNetNuke.Core (NuGet) May 23, 2025
bdukes david-poindexter
valadas
Credited to bdukes, david-poindexter, and valadas
DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline Moderate
CVE-2025-48378 was published for DotNetNuke.Core (NuGet) May 23, 2025
bdukes david-poindexter
valadas
Credited to bdukes, david-poindexter, and valadas
Cross-site Scripting in jquery-ui Moderate
CVE-2010-5312 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
XSS/HTML Injection Vulnerability in Umbraco Preview Badge Moderate
CVE-2024-10761 was published for Umbraco.Cms (NuGet) Jan 21, 2025
kushkira
Credited to kushkira
Duplicate Advisory: Umbraco CMS Cross-site Scripting vulnerability Low
GHSA-4gmq-m9vp-jrwg was published for Umbraco.Cms.Core (NuGet) Nov 4, 2024 withdrawn
AndyButland
Credited to AndyButland
Cross-site Scripting in Serenity Moderate
CVE-2024-26318 was published for @serenity-is/corelib (npm) Feb 19, 2024
Withdrawn Advisory: Umbraco Rich Text Display allows Cross-Site Scripting Moderate
CVE-2024-55488 was published for Umbraco.Cms.Infrastructure (NuGet) Jan 22, 2025 withdrawn
AndyButland
Credited to AndyButland
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane Moderate
CVE-2024-35218 was published for UmbracoCms.Core (NuGet) May 21, 2024
RaphaelCSSilva
Credited to RaphaelCSSilva
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11022 was published for athlon1600/youtube-downloader (RubyGems) Apr 29, 2020
masatokinugawa Churro
Rudloff
Credited to masatokinugawa, Churro, and Rudloff
XSS/HTML Injection Vulnerability in Umbraco Backoffice Components Moderate
CVE-2025-24012 was published for @umbraco-cms/backoffice (npm) Jan 21, 2025
Nexusss-ppatil
Credited to Nexusss-ppatil
Piranha CMS Cross-site Scripting vulnerability Moderate
CVE-2024-55341 was published for Piranha (NuGet) Dec 20, 2024
Piranha CMS Cross-site Scripting vulnerability Moderate
CVE-2024-55342 was published for Piranha (NuGet) Dec 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database