Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

393 advisories

Loading
Astro: Reflected XSS via unescaped slot name High
CVE-2026-50146 was published for astro (npm) Jun 16, 2026
floudeciel Credited to floudeciel
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-34033 was published Jun 9, 2026
A reflected cross-site scripting issue exists in URL handling. Moderate Unreviewed
CVE-2026-9646 was published May 28, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39642 was published May 26, 2026
The GDPR cookies module for Backdrop CMS (before 1.x-1.3.5) doesn't sufficiently protect... Low Unreviewed
CVE-2025-71310 was published May 26, 2026
md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed) High
CVE-2026-46492 was published for md-fileserver (npm) May 21, 2026
kiwi865 Credited to kiwi865
Open WebUI Has Stored Cross-Site Scripting in SVG Renderer Moderate
CVE-2026-45346 was published for open-webui (npm) May 14, 2026
ZoczuS Credited to ZoczuS
The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site... Moderate Unreviewed
CVE-2025-15345 was published May 14, 2026
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated... Moderate Unreviewed
CVE-2021-47948 was published May 10, 2026
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in... High Unreviewed
CVE-2026-6002 was published May 7, 2026
Weblate vulnerable to XSS via crafted Markdown Moderate
CVE-2026-44264 was published for weblate (pip) May 7, 2026
nijel Credited to nijel
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the... Low Unreviewed
CVE-2025-59854 was published May 6, 2026
YAFNET has Stored XSS in Forum Thread Posts/Replies that Allows Arbitrary JavaScript Execution for All Thread Viewers High
CVE-2026-43939 was published for YAFNET.Core (NuGet) May 5, 2026
MuhammadUwais Credited to MuhammadUwais
YAFNET has Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header High
CVE-2026-43938 was published for YAFNET.Core (NuGet) May 5, 2026
MuhammadUwais Credited to MuhammadUwais
@tdurieux/anonymous_github Vulnerable to XSS via Unsanitized GitHub Repository Content Rendering in Anonymous GitHub Origin High
GHSA-g485-8j3v-p6x8 was published for @tdurieux/anonymous_github (npm) May 5, 2026
jackfromeast Credited to jackfromeast and P3ngu1nW P3ngu1nW P3ngu1nW
PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer Moderate
CVE-2026-35453 was published for phpoffice/phpspreadsheet (Composer) Apr 28, 2026
marduc812 Credited to marduc812
Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a... Moderate Unreviewed
CVE-2026-1564 was published Apr 16, 2026
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have... Moderate Unreviewed
CVE-2026-20170 was published Apr 15, 2026
XWiki has Reflected Cross-Site Scripting (XSS) in page history compare Moderate
CVE-2026-40105 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 14, 2026
mikecole-mg Credited to mikecole-mg
A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The... Moderate Unreviewed
CVE-2026-26460 was published Apr 13, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39712 was published Apr 8, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39628 was published Apr 8, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39629 was published Apr 8, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39626 was published Apr 8, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39625 was published Apr 8, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database