GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,603
Composer 5,006
Erlang 39
GitHub Actions 38
Go 2,636
Maven 6,104
npm 4,262
NuGet 760
pip 4,057
Pub 12
RubyGems 956
Rust 1,054
Swift 45

Unreviewed advisories

All unreviewed 276,600

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

38,265 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-49904 was published Nov 6, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-49905 was published Nov 6, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-52764 was published Nov 6, 2025

Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values High

GHSA-vfpf-xmwh-8m65 was published for prosemirror_to_html (RubyGems) Nov 7, 2025 • withdrawn

Lack of Input Validation in the web UI might lead to potential exploitation.This issue affects... Moderate Unreviewed

CVE-2025-12284 was published Oct 26, 2025

Cross Site Scripting (XSS) vulnerability stored in SOPlanning v1.53.02, which consist of a stored... Moderate Unreviewed

CVE-2025-41001 was published Nov 10, 2025

Stored Cross Site Scripting (XSS) vulnerability in Smart School 7.0 due to lack of proper... Moderate Unreviewed

CVE-2025-41107 was published Nov 10, 2025

A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the... Moderate Unreviewed

CVE-2025-12920 was published Nov 10, 2025

The Saphali LiqPay for donate plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed

CVE-2025-12643 was published Nov 8, 2025

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2025-12837 was published Nov 8, 2025

The WP2Social Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting... Moderate Unreviewed

CVE-2025-12064 was published Nov 8, 2025

The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to Stored... Moderate Unreviewed

CVE-2025-12112 was published Nov 8, 2025

The HTML Forms – Simple WordPress Forms Plugin plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed

CVE-2025-12125 was published Nov 8, 2025

The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2025-12193 was published Nov 8, 2025

Liferay search widget vulnerable to Cross-site Scripting Moderate

CVE-2025-43804 was published for com.liferay:com.liferay.portal.search (Maven) Sep 17, 2025

A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows... Moderate Unreviewed

CVE-2025-61261 was published Nov 7, 2025

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and... Moderate Unreviewed

CVE-2025-36135 was published Nov 7, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed

CVE-2025-53585 was published Nov 6, 2025

Nagios Network Analyzer versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via... Moderate Unreviewed

CVE-2023-7319 was published Oct 31, 2025

Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU... Critical Unreviewed

CVE-2025-12001 was published Oct 21, 2025

A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If a remote... Low Unreviewed

CVE-2025-54168 was published Nov 7, 2025

A cross-site scripting (XSS) vulnerability has been reported to affect File Station 5. If a... Low Unreviewed

CVE-2025-57706 was published Nov 7, 2025

A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If a... Low Unreviewed

CVE-2025-58465 was published Nov 7, 2025

A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. If a... High Unreviewed

CVE-2025-54167 was published Nov 7, 2025

Nuxt DevTools vulnerable to cross-site scripting (XSS) Moderate

CVE-2025-52662 was published for @nuxt/devtools (npm) Nov 7, 2025

Previous 1…3…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

38,265 advisories