Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,248
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,513
Pub
12
RubyGems
997
Rust
1,189
Swift
51
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

257 advisories

Loading
Affected devices do not properly sanitize contents of trace files. This could allow an attacker... Critical Unreviewed
CVE-2025-40943 was published Mar 10, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2026-3010 was published Feb 28, 2026
An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files... Critical Unreviewed
CVE-2025-65717 was published Feb 16, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2025-8668 was published Feb 11, 2026
Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS)... Critical Unreviewed
CVE-2025-68723 was published Feb 5, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft... Critical Unreviewed
CVE-2026-21264 was published Jan 23, 2026
A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing... Critical Unreviewed
CVE-2026-1181 was published Jan 19, 2026
Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling... Critical Unreviewed
CVE-2026-21624 was published Jan 16, 2026
Lack of input filterung leads to a persistent XSS vulnerability in the forum post handling of the... Critical Unreviewed
CVE-2026-21623 was published Jan 16, 2026
A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing... Critical Unreviewed
CVE-2026-1009 was published Jan 16, 2026
An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0... Critical Unreviewed
CVE-2025-67289 was published Dec 22, 2025
An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting (XSS) issue in DriveLock... Critical Unreviewed
CVE-2025-67787 was published Dec 17, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site... Critical Unreviewed
CVE-2025-64537 was published Dec 10, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site... Critical Unreviewed
CVE-2025-64538 was published Dec 10, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site... Critical Unreviewed
CVE-2025-64539 was published Dec 10, 2025
Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote... Critical Unreviewed
CVE-2025-10573 was published Dec 9, 2025
In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar... Critical Unreviewed
CVE-2025-65267 was published Dec 3, 2025
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could... Critical Unreviewed
CVE-2025-64130 was published Nov 26, 2025
Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18... Critical Unreviewed
CVE-2025-60739 was published Nov 25, 2025
** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat... Critical Unreviewed
CVE-2025-63416 was published Nov 5, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-52741 was published Oct 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-52735 was published Oct 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-52734 was published Oct 22, 2025
Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU... Critical Unreviewed
CVE-2025-12001 was published Oct 21, 2025
Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS)... Critical Unreviewed
CVE-2025-49553 was published Oct 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database