Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

387 advisories

Loading
Open WebUI Has Stored Cross-Site Scripting in SVG Renderer Moderate
CVE-2026-45346 was published for open-webui (npm) May 14, 2026
ZoczuS Credited to ZoczuS
The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site... Moderate Unreviewed
CVE-2025-15345 was published May 14, 2026
YAFNET has Stored XSS in Forum Thread Posts/Replies that Allows Arbitrary JavaScript Execution for All Thread Viewers High
CVE-2026-43939 was published for YAFNET.Core (NuGet) May 5, 2026
MuhammadUwais Credited to MuhammadUwais
YAFNET has Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header High
CVE-2026-43938 was published for YAFNET.Core (NuGet) May 5, 2026
MuhammadUwais Credited to MuhammadUwais
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated... Moderate Unreviewed
CVE-2021-47948 was published May 10, 2026
Weblate vulnerable to XSS via crafted Markdown Moderate
CVE-2026-44264 was published for weblate (pip) May 7, 2026
nijel Credited to nijel
PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer Moderate
CVE-2026-35453 was published for phpoffice/phpspreadsheet (Composer) Apr 28, 2026
marduc812 Credited to marduc812
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the... Low Unreviewed
CVE-2025-59854 was published May 6, 2026
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in... High Unreviewed
CVE-2026-6002 was published May 7, 2026
LeafKit's HTML escaping may be skipped for Collection values, enabling XSS Moderate
CVE-2026-28499 was published for github.com/vapor/leaf-kit (Swift) Mar 16, 2026
iCMDdev Credited to iCMDdev, gwynne, and 0xTim gwynne gwynne
0xTim 0xTim
@tdurieux/anonymous_github Vulnerable to XSS via Unsanitized GitHub Repository Content Rendering in Anonymous GitHub Origin High
GHSA-g485-8j3v-p6x8 was published for @tdurieux/anonymous_github (npm) May 5, 2026
jackfromeast Credited to jackfromeast and P3ngu1nW P3ngu1nW P3ngu1nW
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in... Moderate Unreviewed
CVE-2023-48763 was published Apr 24, 2024
XWiki has Reflected Cross-Site Scripting (XSS) in page history compare Moderate
CVE-2026-40105 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 14, 2026
mikecole-mg Credited to mikecole-mg
Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a... Moderate Unreviewed
CVE-2026-1564 was published Apr 16, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2023-23989 was published Apr 24, 2024
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39841 was published Apr 7, 2026
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39837 was published Apr 7, 2026
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39839 was published Apr 7, 2026
A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The... Moderate Unreviewed
CVE-2026-26460 was published Apr 13, 2026
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have... Moderate Unreviewed
CVE-2026-20170 was published Apr 15, 2026
Apache SkyWalking has a stored XSS vulnerability Moderate
CVE-2025-54057 was published for org.apache.skywalking:apm-webapp (Maven) Nov 27, 2025
oscerd Credited to oscerd
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39628 was published Apr 8, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39626 was published Apr 8, 2026
A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600... Moderate Unreviewed
CVE-2022-36325 was published Aug 11, 2022
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39625 was published Apr 8, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database