Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,667
Maven
5,000+
npm
4,295
NuGet
760
pip
4,073
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
Astro vulnerable to reflected XSS via the server islands feature High
CVE-2025-64764 was published for astro (npm) Nov 19, 2025
cold-try
Credited to cold-try
The vulnerability, if exploited, could allow an authenticated miscreant (with privilege of ... High Unreviewed
CVE-2025-8386 was published Nov 15, 2025
A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of... High Unreviewed
CVE-2025-54346 was published Nov 14, 2025
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... High Unreviewed
CVE-2025-60244 was published Nov 6, 2025
Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised... High Unreviewed
CVE-2025-39663 was published Oct 30, 2025
The Cookie Notice & Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... High Unreviewed
CVE-2025-10496 was published Oct 9, 2025
listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover High
CVE-2025-58430 was published for github.com/knadh/listmonk (Go) Sep 9, 2025
r3verii
Credited to r3verii
HTML injection vulnerability in the registration interface in Evolution Consulting Kft. HRmaster... High Unreviewed
CVE-2025-51989 was published Aug 21, 2025
Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This... High Unreviewed
CVE-2025-8029 was published Jul 22, 2025
TabberNeue vulnerable to Stored XSS through wikitext High
CVE-2025-53093 was published for starcitizentools/tabber-neue (Composer) Jun 27, 2025
SomeMWDev
Credited to SomeMWDev
An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18... High Unreviewed
CVE-2025-4278 was published Jun 12, 2025
Hax CMS Stored Cross-Site Scripting vulnerability High
CVE-2025-49137 was published for elmsln/haxcms (Composer) Jun 9, 2025
lfgberg asareynolds
Credited to lfgberg and asareynolds
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... High Unreviewed
CVE-2025-31384 was published Apr 4, 2025
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... High Unreviewed
CVE-2025-22501 was published Mar 28, 2025
The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for... High Unreviewed
CVE-2024-13497 was published Mar 15, 2025
The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... High Unreviewed
CVE-2024-13704 was published Feb 18, 2025
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... High Unreviewed
CVE-2025-24680 was published Jan 27, 2025
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... High Unreviewed
CVE-2024-44061 was published Oct 20, 2024
The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due... High Unreviewed
CVE-2024-8981 was published Oct 1, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE... High Unreviewed
CVE-2024-2010 was published Sep 12, 2024
Sentry vulnerable to stored Cross-Site Scripting (XSS) High
CVE-2024-41656 was published for sentry (pip) Jul 23, 2024
stsewd
Credited to stsewd
An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in... High Unreviewed
CVE-2024-32484 was published Jul 22, 2024
ghtml Cross-Site Scripting (XSS) vulnerability High
CVE-2024-37166 was published for ghtml (npm) Jun 10, 2024
lirantal
Credited to lirantal
An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7... High Unreviewed
CVE-2024-34507 was published May 5, 2024
WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar... High Unreviewed
CVE-2024-4439 was published May 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database