Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

21 advisories

Loading
The GDPR cookies module for Backdrop CMS (before 1.x-1.3.5) doesn't sufficiently protect... Low Unreviewed
CVE-2025-71310 was published May 26, 2026
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the... Low Unreviewed
CVE-2025-59854 was published May 6, 2026
An attacker might be able to inject HTML content into the internal web dashboard by sending... Low Unreviewed
CVE-2026-0396 was published Mar 31, 2026
Home Assistant has stored XSS in Map-card through malicious device name Low
CVE-2026-33044 was published for homeassistant (pip) Mar 27, 2026
pwnpanda Credited to pwnpanda
XSS in @leanprover/unicode-input-component Low
CVE-2026-32732 was published for @leanprover/unicode-input-component (npm) Mar 16, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18... Low Unreviewed
CVE-2026-1282 was published Feb 11, 2026
Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting ... Low Unreviewed
CVE-2025-29431 was published Mar 17, 2025
It is possible to inject HTML code into the page content using the "content" field in the ... Low Unreviewed
CVE-2025-22274 was published Feb 28, 2025
Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization... Low Unreviewed
CVE-2025-22402 was published Feb 7, 2025
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet... Low Unreviewed
CVE-2024-52967 was published Jan 14, 2025
IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0... Low Unreviewed
CVE-2024-51472 was published Jan 6, 2025
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a... Low Unreviewed
CVE-2024-42195 was published Dec 5, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in... Low Unreviewed
CVE-2024-4214 was published May 17, 2024
Sulu HTML Injection via Autocomplete Suggestion Low
CVE-2024-24807 was published for sulu/sulu (Composer) Feb 5, 2024
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified... Low Unreviewed
CVE-2024-0183 was published Jan 2, 2024
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait Low
GHSA-hc5c-r8m5-2gfh was published for plone.restapi (pip) Sep 21, 2023
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images Low
CVE-2023-41048 was published for plone.namedfile (pip) Sep 21, 2023
msegoviag Credited to msegoviag
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been... Low Unreviewed
CVE-2023-3017 was published May 31, 2023
CraftCMS stored XSS in Quick Post widget error message Low
CVE-2023-33194 was published for craftcms/cms (Composer) May 26, 2023
bvqhuynh Credited to bvqhuynh
govuk_tech_docs vulnerable to unescaped HTML on search results page Low
CVE-2024-22048 was published for govuk_tech_docs (RubyGems) Apr 11, 2023
ChrisBAshton Credited to ChrisBAshton
jquery.terminal self XSS on user input Low
CVE-2021-43862 was published for jquery.terminal (npm) Jan 6, 2022
nahiiko Credited to nahiiko
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database