GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,124 advisories
REDAXO CMS is vulnerable to Reflected XSS in Mediapool Info Banner via args[types]
Moderate
CVE-2025-66026
was published
for
redaxo/source
(Composer)
Nov 25, 2025
GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format
Moderate
CVE-2025-21621
was published
for
org.geoserver.web:gs-web-app
(Maven)
Nov 25, 2025
Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags
Moderate
CVE-2025-65956
was published
for
getformwork/formwork
(Composer)
Nov 24, 2025
Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint
Moderate
CVE-2025-65019
was published
for
astro
(npm)
Nov 19, 2025
LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
Moderate
CVE-2025-65013
was published
for
librenms/librenms
(Composer)
Nov 18, 2025
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via welcome message
Moderate
CVE-2025-64758
was published
for
@dependencytrack/frontend
(npm)
Nov 17, 2025
Directus is Vulnerable to Stored Cross-site Scripting
Moderate
CVE-2025-64747
was published
for
directus
(npm)
Nov 14, 2025
OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
Moderate
CVE-2025-64187
was published
for
octoprint
(pip)
Nov 4, 2025
OpenMage vulnerable to XSS in Admin Notifications
Moderate
CVE-2025-64174
was published
for
openmage/magento-lts
(Composer)
Nov 3, 2025
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode
Moderate
CVE-2025-64716
was published
for
github.com/TecharoHQ/anubis
(Go)
Oct 30, 2025
DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
Moderate
CVE-2025-64094
was published
for
DotNetNuke.Core
(NuGet)
Oct 29, 2025
FastMCP vulnerable to reflected XSS in client's callback page
Moderate
CVE-2025-62800
was published
for
fastmcp
(pip)
Oct 29, 2025
CKAN vulnerable to stored XSS in resource description
Moderate
CVE-2025-54384
was published
for
ckan
(pip)
Oct 29, 2025
Sharp user-provided input can be evaluated in a SharpShowTextField with Vue template syntax
Moderate
CVE-2025-62798
was published
for
code16/sharp
(Composer)
Oct 29, 2025
PrivateBin is missing HTML sanitization of attached filename in file size hint
Moderate
CVE-2025-62796
was published
for
privatebin/privatebin
(Composer)
Oct 28, 2025
ProTip!
Advisories are also available from the
GraphQL API