Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,844
Maven
5,000+
npm
4,470
NuGet
779
pip
4,231
Pub
12
RubyGems
974
Rust
1,093
Swift
48
Unreviewed advisories
All unreviewed
5,000+

93 advisories

Loading
XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication Moderate
CVE-2025-66472 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Dec 10, 2025
4rdr
Credited to 4rdr
Apache SkyWalking has a stored XSS vulnerability Moderate
CVE-2025-54057 was published for org.apache.skywalking:apm-webapp (Maven) Nov 27, 2025
oscerd
Credited to oscerd
Astro vulnerable to reflected XSS via the server islands feature High
CVE-2025-64764 was published for astro (npm) Nov 19, 2025
cold-try
Credited to cold-try
OctoPrint vulnerable to XSS in Action Commands Notification and Prompt Moderate
CVE-2025-64187 was published for octoprint (pip) Nov 4, 2025
jacopotediosi
Credited to jacopotediosi
bagisto has Cross Site Scripting (XSS) in Create New Customer Moderate
CVE-2025-62414 was published for bagisto/bagisto (Composer) Oct 16, 2025
kiwi865
Credited to kiwi865
bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG) Moderate
CVE-2025-62418 was published for bagisto/bagisto (Composer) Oct 16, 2025
kiwi865
Credited to kiwi865
bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML) Moderate
CVE-2025-62415 was published for bagisto/bagisto (Composer) Oct 16, 2025
kiwi865
Credited to kiwi865
listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover High
CVE-2025-58430 was published for github.com/knadh/listmonk (Go) Sep 9, 2025
r3verii
Credited to r3verii
Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-55672 was published for apache-superset (pip) Aug 14, 2025
XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax Critical
CVE-2025-53835 was published for org.xwiki.rendering:xwiki-rendering-syntax-xhtml (Maven) Jul 14, 2025
TabberNeue vulnerable to Stored XSS through wikitext High
CVE-2025-53093 was published for starcitizentools/tabber-neue (Composer) Jun 27, 2025
SomeMWDev
Credited to SomeMWDev
Hax CMS Stored Cross-Site Scripting vulnerability High
CVE-2025-49137 was published for elmsln/haxcms (Composer) Jun 9, 2025
lfgberg asareynolds
Credited to lfgberg and asareynolds
Duplicate Advisory: Leantime affected by Improper Neutralization of HTML Tags Moderate
GHSA-jf6p-4hgv-v6qh was published for leantime/leantime (Composer) Mar 28, 2025 withdrawn
Froxlor has an HTML Injection Vulnerability Moderate
CVE-2025-48958 was published for froxlor/froxlor (Composer) Mar 11, 2025
BenefactorYuvi
Credited to BenefactorYuvi
In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim Moderate
CVE-2025-27155 was published for github.com/matrix-org/pinecone (Go) Mar 4, 2025
Treanglex
Credited to Treanglex
Formwork has a cross-site scripting (XSS) vulnerability in Site title Moderate
GHSA-vf6x-59hh-332f was published for getformwork/formwork (Composer) Mar 1, 2025
Kyokito1412
Credited to Kyokito1412
Leantime affected by Improper Neutralization of HTML Tags Moderate
CVE-2025-28254 was published for leantime/leantime (Composer) Feb 21, 2025
cyber-brent hugo-guzman
Credited to cyber-brent and hugo-guzman
Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package Moderate
CVE-2025-25299 was published for @ckeditor/ckeditor5-real-time-collaboration (npm) Feb 20, 2025
Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user Moderate
CVE-2024-46910 was published for org.apache.atlas:apache-atlas (Maven) Feb 13, 2025
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ Moderate
CVE-2024-56199 was published for phpmyfaq/phpmyfaq (Composer) Jan 2, 2025
geo-chen
Credited to geo-chen
Directus has an HTML Injection in Comment Moderate
CVE-2024-54128 was published for @directus/app (npm) Dec 5, 2024
mastomii r3dpower
Credited to mastomii and r3dpower
Django Filer Unrestricted Upload of File with Dangerous Type Moderate
CVE-2024-11404 was published for django-filer (pip) Nov 20, 2024
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section Moderate
CVE-2024-47819 was published for @umbraco-cms/backoffice (npm) Oct 22, 2024
DuongPhamm
Credited to DuongPhamm
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS Moderate
CVE-2024-47765 was published for dev-lancer/minecraft-motd-parser (Composer) Oct 4, 2024
Krymonota jgniecki
Credited to Krymonota and jgniecki
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field Moderate
CVE-2024-47536 was published for starcitizentools/citizen-skin (Composer) Sep 30, 2024
BlankEclair
Credited to BlankEclair
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database