GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,827
Maven: 5,000+
npm: 4,455
NuGet: 775
pip: 4,219
Pub: 12
RubyGems: 970
Rust: 1,090
Swift: 47
Unreviewed advisories
All unreviewed: 5,000+
39,569 advisories
solspace/craft-freeform Vulnerable to XSS in `PhpSpreadsheet` HTML Writer Due to Unsanitized Styling Data
Low | GHSA-44jg-mv3h-wj6g was published for solspace/craft-freeform (Composer) Jan 15, 2026
SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting (XSS) via user input and LLM output.
Moderate | Unreviewed | CVE-2025-65368 was published Jan 15, 2026
A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An...
Moderate | Unreviewed | CVE-2025-70890 was published Jan 15, 2026
A Stored Cross-Site Scripting (XSS) vulnerability in Web management interface in Each Italy...
Moderate | Unreviewed | CVE-2025-65349 was published Jan 15, 2026
svelte vulnerable to Cross-site Scripting
Moderate | CVE-2025-15265 was published for svelte (npm) Jan 15, 2026
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network...
Moderate | Unreviewed | CVE-2026-20075 was published Jan 15, 2026
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)...
Moderate | Unreviewed | CVE-2026-20076 was published Jan 15, 2026
Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to...
Moderate | Unreviewed | CVE-2021-47843 was published Jan 15, 2026
Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input...
Moderate | Unreviewed | CVE-2021-47769 was published Jan 15, 2026
ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email...
Moderate | Unreviewed | CVE-2021-47768 was published Jan 15, 2026
Improper handling of a URL parameter may allow attackers to execute code in a user's browser...
Moderate | Unreviewed | CVE-2026-22913 was published Jan 15, 2026
An attacker with administrative access may inject malicious content into the login page,...
Low | Unreviewed | CVE-2026-22919 was published Jan 15, 2026
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor...
Moderate | Unreviewed | CVE-2026-22637 was published Jan 15, 2026
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2025-14448 was published Jan 15, 2026
A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows...
Moderate | Unreviewed | CVE-2026-0601 was published Jan 15, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-14556 was published Jan 14, 2026
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS)...
Moderate | Unreviewed | CVE-2025-71164 was published Jan 14, 2026
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS)...
Moderate | Unreviewed | CVE-2025-71165 was published Jan 14, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-14557 was published Jan 14, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6,...
High | Unreviewed | CVE-2025-11224 was published Jan 14, 2026
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS)...
Moderate | Unreviewed | CVE-2025-71166 was published Jan 14, 2026
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the...
Moderate | Unreviewed | CVE-2025-67833 was published Jan 14, 2026
A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17...
Moderate | Unreviewed | CVE-2025-63644 was published Jan 14, 2026
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the...
Moderate | Unreviewed | CVE-2025-67834 was published Jan 14, 2026
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could...
Moderate | Unreviewed | CVE-2025-37185 was published Jan 14, 2026
ProTip! Advisories are also available from the GraphQL API.