Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

299 advisories

Loading
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-34033 was published Jun 9, 2026
A reflected cross-site scripting issue exists in URL handling. Moderate Unreviewed
CVE-2026-9646 was published May 28, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39642 was published May 26, 2026
Open WebUI Has Stored Cross-Site Scripting in SVG Renderer Moderate
CVE-2026-45346 was published for open-webui (npm) May 14, 2026
ZoczuS Credited to ZoczuS
The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site... Moderate Unreviewed
CVE-2025-15345 was published May 14, 2026
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated... Moderate Unreviewed
CVE-2021-47948 was published May 10, 2026
Weblate vulnerable to XSS via crafted Markdown Moderate
CVE-2026-44264 was published for weblate (pip) May 7, 2026
nijel Credited to nijel
PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer Moderate
CVE-2026-35453 was published for phpoffice/phpspreadsheet (Composer) Apr 28, 2026
marduc812 Credited to marduc812
Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a... Moderate Unreviewed
CVE-2026-1564 was published Apr 16, 2026
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have... Moderate Unreviewed
CVE-2026-20170 was published Apr 15, 2026
XWiki has Reflected Cross-Site Scripting (XSS) in page history compare Moderate
CVE-2026-40105 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 14, 2026
mikecole-mg Credited to mikecole-mg
A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The... Moderate Unreviewed
CVE-2026-26460 was published Apr 13, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39712 was published Apr 8, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39628 was published Apr 8, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39629 was published Apr 8, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39626 was published Apr 8, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39625 was published Apr 8, 2026
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39837 was published Apr 7, 2026
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39839 was published Apr 7, 2026
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in... Moderate Unreviewed
CVE-2026-39841 was published Apr 7, 2026
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could... Moderate Unreviewed
CVE-2025-66486 was published Apr 2, 2026
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2026-1834 was published Mar 31, 2026
The Query Monitor plugin for WordPress has Reflected Cross-Site Scripting via Request URI Moderate
CVE-2026-4267 was published for johnbillion/query-monitor (Composer) Mar 19, 2026
LeafKit's HTML escaping may be skipped for Collection values, enabling XSS Moderate
CVE-2026-28499 was published for github.com/vapor/leaf-kit (Swift) Mar 16, 2026
iCMDdev Credited to iCMDdev, gwynne, and 0xTim gwynne gwynne
0xTim 0xTim
A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security... Moderate Unreviewed
CVE-2026-20070 was published Mar 4, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database