GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

GitHub reviewed advisories

All reviewed 32,549
Composer 6,122
Erlang 86
GitHub Actions 54
Go 4,175
Maven 6,713
npm 6,687
NuGet 1,019
pip 5,531
Pub 13
RubyGems 1,102
Rust 1,421
Swift 61

Unreviewed advisories

All unreviewed 310,882

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

30 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was... High Unreviewed

CVE-2026-57532 was published Jun 25, 2026

Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in... High Unreviewed

CVE-2026-6002 was published May 7, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9... High Unreviewed

CVE-2026-2995 was published Mar 25, 2026

The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via... High Unreviewed

CVE-2025-14835 was published Jan 7, 2026

The vulnerability, if exploited, could allow an authenticated miscreant (with privilege of ... High Unreviewed

CVE-2025-8386 was published Nov 15, 2025

A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of... High Unreviewed

CVE-2025-54346 was published Nov 14, 2025

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... High Unreviewed

CVE-2025-60244 was published Nov 6, 2025

Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised... High Unreviewed

CVE-2025-39663 was published Oct 30, 2025

The Cookie Notice & Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... High Unreviewed

CVE-2025-10496 was published Oct 9, 2025

HTML injection vulnerability in the registration interface in Evolution Consulting Kft. HRmaster... High Unreviewed

CVE-2025-51989 was published Aug 21, 2025

Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This... High Unreviewed

CVE-2025-8029 was published Jul 22, 2025

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18... High Unreviewed

CVE-2025-4278 was published Jun 12, 2025

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... High Unreviewed

CVE-2025-31384 was published Apr 4, 2025

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... High Unreviewed

CVE-2025-22501 was published Mar 28, 2025

The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for... High Unreviewed

CVE-2024-13497 was published Mar 15, 2025

The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... High Unreviewed

CVE-2024-13704 was published Feb 18, 2025

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... High Unreviewed

CVE-2025-24680 was published Jan 27, 2025

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed

CVE-2024-51689 was published Nov 9, 2024

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... High Unreviewed

CVE-2024-44061 was published Oct 20, 2024

The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due... High Unreviewed

CVE-2024-8981 was published Oct 1, 2024

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE... High Unreviewed

CVE-2024-2010 was published Sep 12, 2024

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in... High Unreviewed

CVE-2024-32484 was published Jul 22, 2024

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7... High Unreviewed

CVE-2024-34507 was published May 5, 2024

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar... High Unreviewed

CVE-2024-4439 was published May 3, 2024

Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers... High Unreviewed

CVE-2024-33423 was published May 1, 2024

Previous12 Next

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

30 advisories