GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 92
GitHub Actions: 54
Go: 4,217
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,103
Rust: 1,443
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

411 advisories

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A...
Severity: Moderate (Unreviewed). CVE-2025-36321 was published Jun 30, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Severity: Moderate (Unreviewed). CVE-2026-50229 was published Jun 29, 2026

Unauthenticated Content Injection in Auros Core <= 5.3.1 versions.
Severity: Moderate (Unreviewed). CVE-2025-64637 was published Jun 26, 2026

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.
Severity: Low (Unreviewed). CVE-2026-13314 was published Jun 25, 2026

Malicious HTML content could be injected into the email address of an order, which pretix showed...
Severity: Moderate (Unreviewed). CVE-2026-13225 was published Jun 25, 2026

Content injected to PDF rendering contexts could, in many places, include HTML content including ...
Severity: Low (Unreviewed). CVE-2026-57535 was published Jun 25, 2026

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin.
Severity: Low (Unreviewed). CVE-2026-57534 was published Jun 25, 2026

Malicious HTML content could be injected into the page pretix shows when redirection to an...
Severity: Low (Unreviewed). CVE-2026-57533 was published Jun 25, 2026

Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was...
Severity: High (Unreviewed). CVE-2026-57532 was published Jun 25, 2026

Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS
Severity: Moderate. CVE-2026-52816 was published for gogs.io/gogs (Go) Jun 23, 2026

OctoPrint has XSS in its Suppressed Command Notifications
Severity: Moderate. CVE-2026-35163 was published for OctoPrint (pip) Jun 23, 2026

An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and...
Severity: Moderate (Unreviewed). CVE-2025-62198 was published Jun 22, 2026

Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient...
Severity: Moderate (Unreviewed). CVE-2025-71331 was published Jun 20, 2026

Gogs: XSS in .ipynb files renderer due to outdated notebookjs
Severity: High. GHSA-6vxv-wg6j-5qwp was published for gogs.io/gogs (Go) Jun 19, 2026

StarCitizenWiki Extension Embed Video: Stored XSS via malformed src url with $wgEmbedVideoRequireConsent enabled
Severity: High. CVE-2026-55692 was published for starcitizenwiki/embedvideo (Composer) Jun 19, 2026

StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized class passed to template
Severity: High. CVE-2026-55691 was published for starcitizenwiki/embedvideo (Composer) Jun 19, 2026

StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized service name in exception text
Severity: High. CVE-2026-55690 was published for starcitizenwiki/embedvideo (Composer) Jun 19, 2026

Astro: Reflected XSS via unescaped slot name
Severity: High. CVE-2026-50146 was published for astro (npm) Jun 16, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Severity: Moderate (Unreviewed). CVE-2026-34033 was published Jun 9, 2026

A reflected cross-site scripting issue exists in URL handling.
Severity: Moderate (Unreviewed). CVE-2026-9646 was published May 28, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Severity: Moderate (Unreviewed). CVE-2026-39642 was published May 26, 2026

The GDPR cookies module for Backdrop CMS (before 1.x-1.3.5) doesn't sufficiently protect...
Severity: Low (Unreviewed). CVE-2025-71310 was published May 26, 2026

md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)
Severity: High. CVE-2026-46492 was published for md-fileserver (npm) May 21, 2026

Open WebUI Has Stored Cross-Site Scripting in SVG Renderer
Severity: Moderate. CVE-2026-45346 was published for open-webui (npm) May 14, 2026

The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site...
Severity: Moderate (Unreviewed). CVE-2025-15345 was published May 14, 2026

ProTip! Advisories are also available from the GraphQL API.