GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,603
Composer 5,006
Erlang 39
GitHub Actions 38
Go 2,636
Maven 6,104
npm 4,262
NuGet 760
pip 4,057
Pub 12
RubyGems 956
Rust 1,054
Swift 45

Unreviewed advisories

All unreviewed 276,824

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

237 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat... Critical Unreviewed

CVE-2025-63416 was published Nov 5, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed

CVE-2025-52735 was published Oct 22, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed

CVE-2025-52741 was published Oct 22, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed

CVE-2025-52734 was published Oct 22, 2025

Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU... Critical Unreviewed

CVE-2025-12001 was published Oct 21, 2025

Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS)... Critical Unreviewed

CVE-2025-49553 was published Oct 15, 2025

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed

CVE-2025-59974 was published Oct 9, 2025

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed

CVE-2025-59978 was published Oct 9, 2025

A cross-site scripting (XSS) vulnerability in the component /app/marketplace.html of Logseq v0.10... Critical Unreviewed

CVE-2025-56683 was published Oct 9, 2025

Scholl Communications AG Weblication CMS Core v019.004.000.000 was discovered to contain a cross... Critical Unreviewed

CVE-2025-52161 was published Sep 8, 2025

An Cross-Site Scripting (XSS) vulnerability in DeepSeek R1 through V3.1 allows a remote attacker... Critical Unreviewed

CVE-2025-26210 was published Sep 3, 2025

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS)... Critical Unreviewed

CVE-2025-34157 was published Aug 27, 2025

Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack... Critical Unreviewed

CVE-2024-12223 was published Aug 20, 2025

Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report... Critical Unreviewed

CVE-2025-50754 was published Aug 4, 2025

MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter ... Critical Unreviewed

CVE-2025-44136 was published Jul 29, 2025

A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered. Critical Unreviewed

CVE-2025-54298 was published Jul 28, 2025

A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for... Critical Unreviewed

CVE-2025-54299 was published Jul 28, 2025

Cross Site Scripting vulnerability in grav v.1.7.48 and before allows an attacker to execute... Critical Unreviewed

CVE-2025-46199 was published Jul 25, 2025

A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId... Critical Unreviewed

CVE-2025-46410 was published Jul 24, 2025

A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter... Critical Unreviewed

CVE-2025-41420 was published Jul 24, 2025

A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter... Critical Unreviewed

CVE-2025-50128 was published Jul 24, 2025

A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality... Critical Unreviewed

CVE-2025-53084 was published Jul 24, 2025

A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2... Critical Unreviewed

CVE-2020-26799 was published Jul 21, 2025

lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cross-site scripting (XSS). An... Critical Unreviewed

CVE-2025-4779 was published Jul 7, 2025

User-controlled inputs are improperly escaped in: * VotePage.php (poll option input) ... Critical Unreviewed

CVE-2025-53484 was published Jul 4, 2025

Previous1…10 Next

Previous 1 2 3 4 5 … 9 10 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

237 advisories