GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 86
GitHub Actions: 54
Go: 4,175
Maven: 5,000+
npm: 5,000+
NuGet: 1,019
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,421
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
238 advisories

Unauthenticated Content Injection in Auros Core <= 5.3.1 versions.
Moderate, Unreviewed: CVE-2025-64637 was published Jun 26, 2026

Malicious HTML content could be injected into the email address of an order, which pretix showed...
Moderate, Unreviewed: CVE-2026-13225 was published Jun 25, 2026

An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and...
Moderate, Unreviewed: CVE-2025-62198 was published Jun 22, 2026

Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient...
Moderate, Unreviewed: CVE-2025-71331 was published Jun 20, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate, Unreviewed: CVE-2026-34033 was published Jun 9, 2026

A reflected cross-site scripting issue exists in URL handling.
Moderate, Unreviewed: CVE-2026-9646 was published May 28, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate, Unreviewed: CVE-2026-39642 was published May 26, 2026

The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate, Unreviewed: CVE-2025-15345 was published May 14, 2026

WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated...
Moderate, Unreviewed: CVE-2021-47948 was published May 10, 2026

Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a...
Moderate, Unreviewed: CVE-2026-1564 was published Apr 16, 2026

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have...
Moderate, Unreviewed: CVE-2026-20170 was published Apr 15, 2026

A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The...
Moderate, Unreviewed: CVE-2026-26460 was published Apr 13, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate, Unreviewed: CVE-2026-39712 was published Apr 8, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate, Unreviewed: CVE-2026-39628 was published Apr 8, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate, Unreviewed: CVE-2026-39629 was published Apr 8, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate, Unreviewed: CVE-2026-39626 was published Apr 8, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate, Unreviewed: CVE-2026-39625 was published Apr 8, 2026

Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in...
Moderate, Unreviewed: CVE-2026-39837 was published Apr 7, 2026

Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in...
Moderate, Unreviewed: CVE-2026-39841 was published Apr 7, 2026

Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in...
Moderate, Unreviewed: CVE-2026-39839 was published Apr 7, 2026

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could...
Moderate, Unreviewed: CVE-2025-66486 was published Apr 2, 2026

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate, Unreviewed: CVE-2026-1834 was published Mar 31, 2026

A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security...
Moderate, Unreviewed: CVE-2026-20070 was published Mar 4, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate, Unreviewed: CVE-2026-28132 was published Feb 26, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate, Unreviewed: CVE-2026-22422 was published Feb 19, 2026