Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

38,274 advisories

Loading
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-53585 was published Nov 6, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-53574 was published Nov 6, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-53324 was published Nov 6, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-53349 was published Nov 6, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-53245 was published Nov 6, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-53239 was published Nov 6, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-49909 was published Nov 6, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-53286 was published Nov 6, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-52764 was published Nov 6, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-49905 was published Nov 6, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-49904 was published Nov 6, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-49390 was published Nov 6, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-31029 was published Nov 6, 2025
Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values High
GHSA-52c5-vh7f-26fx was published for prosemirror_to_html (RubyGems) Nov 6, 2025
polypixeldev Luke-Oldenburg
Spone 9021007
Credited to polypixeldev, Luke-Oldenburg, Spone, and 9021007
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-10955 was published Nov 6, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2025-11956 was published Nov 6, 2025
IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1... Moderate Unreviewed
CVE-2025-36054 was published Nov 6, 2025
The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in... Moderate Unreviewed
CVE-2025-11268 was published Nov 6, 2025
The Hubbub Lite – Fast, free social sharing and follow buttons plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-12471 was published Nov 6, 2025
Cross-site scripting vulnerability exists in GROWI prior to v7.2.10. If a malicious user creates... Moderate Unreviewed
CVE-2025-61994 was published Nov 6, 2025
** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat... Critical Unreviewed
CVE-2025-63416 was published Nov 5, 2025
A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple... Moderate Unreviewed
CVE-2025-10853 was published Nov 5, 2025
Cross Site Scripting vulnerability in Quipux 4.0.1 through e1774ac allows anexos/anexos_nuevo.php... Moderate Unreviewed
CVE-2025-55341 was published Nov 5, 2025
A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoints of... Moderate Unreviewed
CVE-2025-5770 was published Nov 5, 2025
A DOM-based Cross-Site Scripting (XSS) vulnerability in the SelfBest platform 2023.3 allows... Moderate Unreviewed
CVE-2025-63418 was published Nov 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database