Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

393 advisories

Loading
ERPNext thru 15.88.1 does not sanitize or remove certain HTML tags specifically `<a>` hyperlinks... Moderate Unreviewed
CVE-2025-65924 was published Feb 3, 2026
A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a... Moderate Unreviewed
CVE-2025-45160 was published Jan 29, 2026
XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages Moderate
CVE-2026-24128 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Jan 23, 2026
mikecole-mg Credited to mikecole-mg
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-24564 was published Jan 23, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-22469 was published Jan 22, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2025-47600 was published Jan 22, 2026
IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker... Moderate Unreviewed
CVE-2025-36397 was published Jan 20, 2026
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) and... Moderate Unreviewed
CVE-2026-20047 was published Jan 15, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2025-69169 was published Jan 8, 2026
The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2025-14792 was published Jan 7, 2026
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via... High Unreviewed
CVE-2025-14835 was published Jan 7, 2026
The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-15058 was published Jan 7, 2026
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker... Moderate Unreviewed
CVE-2025-36230 was published Dec 26, 2025
The "Amazon affiliate lite Plugin" plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-14735 was published Dec 20, 2025
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2025-64225 was published Dec 18, 2025
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2025-64633 was published Dec 16, 2025
XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication Moderate
CVE-2025-66472 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Dec 10, 2025
4rdr Credited to 4rdr
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2025-63068 was published Dec 9, 2025
Apache SkyWalking has a stored XSS vulnerability Moderate
CVE-2025-54057 was published for org.apache.skywalking:apm-webapp (Maven) Nov 27, 2025
oscerd Credited to oscerd
Astro vulnerable to reflected XSS via the server islands feature High
CVE-2025-64764 was published for astro (npm) Nov 19, 2025
cold-try Credited to cold-try
A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in... Moderate Unreviewed
CVE-2025-58412 was published Nov 19, 2025
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-11267 was published Nov 18, 2025
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-11265 was published Nov 18, 2025
The vulnerability, if exploited, could allow an authenticated miscreant (with privilege of ... High Unreviewed
CVE-2025-8386 was published Nov 15, 2025
A Stored Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop... Moderate Unreviewed
CVE-2025-54348 was published Nov 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database