GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
18 advisories
Kirby: Self cross-site scripting (self-XSS) in the writer field
Severity: High. CVE-2026-49276 was published for getkirby/cms (Composer), Jun 18, 2026.
earmark: Stored XSS via unescaped HTML attribute values
Severity: Moderate. CVE-2026-48591 was published for earmark (Erlang), Jun 17, 2026.
Duplicate Advisory: Exported session HTML could keep unsafe markdown links
Severity: Low. GHSA-6xcg-6q43-rj2v was published for openclaw (npm), Jun 16, 2026 (withdrawn).
Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URL
Severity: Moderate. CVE-2026-53722 was published for nuxt (npm), Jun 16, 2026.
Concrete CMS is Vulnerable to Reflected XSS in Legacy Pagination
Severity: Moderate. CVE-2026-8245 was published for concrete5/concrete5 (Composer), May 22, 2026.
Nuxt: Reflected XSS in `navigateTo()` external redirect
Severity: Moderate. CVE-2026-45669 was published for nuxt (npm), May 19, 2026.
An improper input neutralization vulnerability in the management web interface of the Palo Alto...
Severity: High (Unreviewed). CVE-2025-4615 was published Oct 9, 2025.
An improper input neutralization vulnerability in the management web interface of the Palo Alto...
Severity: Moderate (Unreviewed). CVE-2025-0137 was published May 14, 2025.
An improper input neutralization vulnerability in the management web interface of the Palo Alto...
Severity: Moderate (Unreviewed). CVE-2025-0125 was published Apr 11, 2025.
Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email...
Severity: Moderate (Unreviewed). CVE-2024-9103 was published Mar 24, 2025.
copyparty renders unsanitized filenames as HTML when user uploads empty files
Severity: Low. CVE-2025-27145 was published for copyparty (pip), Feb 26, 2025.
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
Severity: High. CVE-2024-52595 was published for lxml-html-clean (pip), Nov 19, 2024.
nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR
Severity: Moderate. CVE-2024-34343 was published for nuxt (npm), Aug 5, 2024.
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI...
Severity: High (Unreviewed). CVE-2024-26283 was published Feb 22, 2024.
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability
Severity: Critical. CVE-2023-37908 was published for org.xwiki.rendering:xwiki-rendering-xml (Maven), Oct 25, 2023.
A security defect was identified in Foundry Frontend that enabled users to potentially conduct...
Severity: Moderate (Unreviewed). CVE-2023-30958 was published Aug 4, 2023.
Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers
Severity: Critical. CVE-2023-32070 was published for org.xwiki.platform:xwiki-core-rendering-api (Maven), May 11, 2023.
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not...
Severity: Low (Unreviewed). CVE-2020-14525 was published May 24, 2022.