Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,386 advisories

Loading
A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. If a remote... Low Unreviewed
CVE-2026-22895 was published Mar 20, 2026
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to... Low Unreviewed
CVE-2026-22210 was published Mar 13, 2026
Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the... Low Unreviewed
CVE-2026-3884 was published Mar 11, 2026
A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to... Low Unreviewed
CVE-2025-40895 was published Mar 4, 2026
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality... Low Unreviewed
CVE-2025-40894 was published Mar 4, 2026
Some HTTP security headers are not properly set by the web server when sending responses to the... Low Unreviewed
CVE-2026-1696 was published Feb 26, 2026
SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the public area for certain edge-case... Low Unreviewed
CVE-2026-26345 was published Feb 19, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-61656 was published Feb 3, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-67483 was published Feb 3, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-61657 was published Feb 3, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-67477 was published Feb 3, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-61651 was published Feb 3, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-67475 was published Feb 3, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-61655 was published Feb 3, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-67481 was published Feb 3, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-61645 was published Feb 3, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-61650 was published Feb 3, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-61648 was published Feb 3, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-11261 was published Feb 3, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-61640 was published Feb 3, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-61637 was published Feb 3, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-61638 was published Feb 3, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-61636 was published Feb 3, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-61644 was published Feb 3, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-61642 was published Feb 3, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database