Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,827
Maven
5,000+
npm
4,455
NuGet
775
pip
4,219
Pub
12
RubyGems
970
Rust
1,090
Swift
47
Unreviewed advisories
All unreviewed
5,000+

383 advisories

Loading
A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing... Critical Unreviewed
CVE-2026-1009 was published Jan 16, 2026
Malicious website can execute commands on the local system through XSS in the OpenCode web UI Critical
CVE-2026-22813 was published for opencode-ai (npm) Jan 13, 2026
AlbertSPedersen
Credited to AlbertSPedersen
An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0... Critical Unreviewed
CVE-2025-67289 was published Dec 22, 2025
An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting (XSS) issue in DriveLock... Critical Unreviewed
CVE-2025-67787 was published Dec 17, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site... Critical Unreviewed
CVE-2025-64537 was published Dec 10, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site... Critical Unreviewed
CVE-2025-64538 was published Dec 10, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site... Critical Unreviewed
CVE-2025-64539 was published Dec 10, 2025
Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote... Critical Unreviewed
CVE-2025-10573 was published Dec 9, 2025
In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar... Critical Unreviewed
CVE-2025-65267 was published Dec 3, 2025
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could... Critical Unreviewed
CVE-2025-64130 was published Nov 26, 2025
Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18... Critical Unreviewed
CVE-2025-60739 was published Nov 25, 2025
** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat... Critical Unreviewed
CVE-2025-63416 was published Nov 5, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-52741 was published Oct 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-52734 was published Oct 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-52735 was published Oct 22, 2025
Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU... Critical Unreviewed
CVE-2025-12001 was published Oct 21, 2025
Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS)... Critical Unreviewed
CVE-2025-49553 was published Oct 15, 2025
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-59974 was published Oct 9, 2025
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-59978 was published Oct 9, 2025
A cross-site scripting (XSS) vulnerability in the component /app/marketplace.html of Logseq v0.10... Critical Unreviewed
CVE-2025-56683 was published Oct 9, 2025
Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel Critical
CVE-2025-50538 was published for flowise (npm) Oct 3, 2025
mikensec
Credited to mikensec
DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module Critical
CVE-2025-59545 was published for DotNetNuke.Core (NuGet) Sep 23, 2025
bdukes valadas
mitchelsellers
Credited to bdukes, valadas, and mitchelsellers
Scholl Communications AG Weblication CMS Core v019.004.000.000 was discovered to contain a cross... Critical Unreviewed
CVE-2025-52161 was published Sep 8, 2025
An Cross-Site Scripting (XSS) vulnerability in DeepSeek R1 through V3.1 allows a remote attacker... Critical Unreviewed
CVE-2025-26210 was published Sep 3, 2025
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS)... Critical Unreviewed
CVE-2025-34157 was published Aug 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database