GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 27,905
Composer 5,452
Erlang 46
GitHub Actions 47
Go 3,340
Maven 6,338
npm 5,367
NuGet 881
pip 4,549
Pub 12
RubyGems 1,012
Rust 1,202
Swift 51

Unreviewed advisories

All unreviewed 295,465

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

258 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to execute arbitrary... Critical Unreviewed

CVE-2026-29859 was published Mar 18, 2026

Affected devices do not properly sanitize contents of trace files. This could allow an attacker... Critical Unreviewed

CVE-2025-40943 was published Mar 10, 2026

Cross Site Scripting vulnerability in Axigen WebMail v.10.5.7 and before allows a remote attacker... Critical Unreviewed

CVE-2023-48974 was published Feb 8, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed

CVE-2026-3010 was published Feb 28, 2026

Power BI Report Server Spoofing Vulnerability Critical Unreviewed

CVE-2021-41372 was published May 24, 2022

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files... Critical Unreviewed

CVE-2025-65717 was published Feb 16, 2026

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS)... Critical Unreviewed

CVE-2025-68723 was published Feb 5, 2026

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed

CVE-2025-8668 was published Feb 11, 2026

Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling... Critical Unreviewed

CVE-2026-21624 was published Jan 16, 2026

Lack of input filterung leads to a persistent XSS vulnerability in the forum post handling of the... Critical Unreviewed

CVE-2026-21623 was published Jan 16, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft... Critical Unreviewed

CVE-2026-21264 was published Jan 23, 2026

A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing... Critical Unreviewed

CVE-2026-1181 was published Jan 19, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed

CVE-2025-52741 was published Oct 22, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed

CVE-2025-52734 was published Oct 22, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed

CVE-2025-52735 was published Oct 22, 2025

A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing... Critical Unreviewed

CVE-2026-1009 was published Jan 16, 2026

An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0... Critical Unreviewed

CVE-2025-67289 was published Dec 22, 2025

An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting (XSS) issue in DriveLock... Critical Unreviewed

CVE-2025-67787 was published Dec 17, 2025

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site... Critical Unreviewed

CVE-2025-64539 was published Dec 10, 2025

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site... Critical Unreviewed

CVE-2025-64538 was published Dec 10, 2025

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site... Critical Unreviewed

CVE-2025-64537 was published Dec 10, 2025

Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote... Critical Unreviewed

CVE-2025-10573 was published Dec 9, 2025

In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar... Critical Unreviewed

CVE-2025-65267 was published Dec 3, 2025

Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could... Critical Unreviewed

CVE-2025-64130 was published Nov 26, 2025

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18... Critical Unreviewed

CVE-2025-60739 was published Nov 25, 2025

Previous1…11 Next

Previous 1 2 3 4 5 … 10 11 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

258 advisories