Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,633
Erlang
34
GitHub Actions
25
Go
2,239
Maven
5,000+
npm
3,900
NuGet
701
pip
3,667
Pub
12
RubyGems
914
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,481 advisories

Loading
SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The... Low Unreviewed
CVE-2024-45712 was published Apr 15, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-3469 was published Apr 10, 2025
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79]... Low Unreviewed
CVE-2025-22855 was published Apr 8, 2025
Pimcore's Admin Classic Bundle allows HTML Injection Low
CVE-2025-30166 was published for pimcore/admin-ui-classic-bundle (Composer) Apr 8, 2025
React Draft Wysiwyg Cross-Site Scripting (XSS) via the Embedded Button Low
CVE-2025-3191 was published for react-draft-wysiwyg (npm) Apr 4, 2025
Drupal Link field display mode formatter Cross-Site Scripting (XSS) vulnerability Low
CVE-2025-31695 was published for drupal/link_field_display_mode_formatter (Composer) Apr 1, 2025
Drupal Formatter Suite Vulnerable to Cross-Site Scripting (XSS) via Link Element Attributes Low
CVE-2025-31697 was published for drupal/formatter_suite (Composer) Apr 1, 2025
Drupal RapiDoc OAS Field Formatter Cross-Site Scripting (XSS) vulnerability Low
CVE-2025-31696 was published for drupal/rapidoc_elements_field_formatter (Composer) Apr 1, 2025
Drupal SpamSpan Cross-Site Scripting (XSS) vulnerability Low
CVE-2025-31687 was published for drupal/spamspan (Composer) Apr 1, 2025
Drupal Core Cross-Site Scripting (XSS) Vulnerability Low
CVE-2025-31675 was published for drupal/core (Composer) Apr 1, 2025
Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction Low
CVE-2024-39311 was published for publify_core (RubyGems) Mar 28, 2025
PinkDraconian
SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the... Low Unreviewed
CVE-2025-2864 was published Mar 28, 2025
Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW... Low Unreviewed
CVE-2025-27574 was published Mar 28, 2025
Django TomSelect incomplete escaping of dangerous characters in widget attributes Low
GHSA-785h-76cm-cpmf was published for django-tomselect (pip) Mar 26, 2025
pysean3
The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its... Low Unreviewed
CVE-2024-10560 was published Mar 25, 2025
The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which... Low Unreviewed
CVE-2024-13122 was published Mar 25, 2025
The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which... Low Unreviewed
CVE-2024-13123 was published Mar 25, 2025
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise... Low Unreviewed
CVE-2025-1062 was published Mar 24, 2025
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise... Low Unreviewed
CVE-2025-1203 was published Mar 24, 2025
Reflected XSS in go-httpbin due to unrestricted client control over Content-Type Low
GHSA-528q-4pgm-wvg2 was published for github.com/mccutchen/go-httpbin (Go) Mar 21, 2025
AyushXtha
An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group... Low Unreviewed
CVE-2025-30345 was published Mar 21, 2025
LocalAI version v2.19.4 (af0545834fd565ab56af0b9348550ca9c3cb5349) contains a vulnerability where... Low Unreviewed
CVE-2024-9901 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2... Low Unreviewed
CVE-2024-10721 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The... Low Unreviewed
CVE-2024-10722 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2,... Low Unreviewed
CVE-2024-10724 was published Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database