Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

440 advisories

Loading
Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS)... Critical Unreviewed
CVE-2025-68723 was published Feb 5, 2026
DotNetNuke.Core Vulnerable to Stored XSS via Module Title Critical
CVE-2026-24838 was published for DotNetNuke.Core (NuGet) Jan 28, 2026
bdukes Credited to bdukes
Saltcorn's Reflected XSS and Command Injection vulnerabilities can be chained for 1-click-RCE Critical
GHSA-cr3w-cw5w-h3fj was published for @saltcorn/server (npm) Jan 26, 2026
Mathis-Z Credited to Mathis-Z
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft... Critical Unreviewed
CVE-2026-21264 was published Jan 23, 2026
A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing... Critical Unreviewed
CVE-2026-1181 was published Jan 19, 2026
Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling... Critical Unreviewed
CVE-2026-21624 was published Jan 16, 2026
Lack of input filterung leads to a persistent XSS vulnerability in the forum post handling of the... Critical Unreviewed
CVE-2026-21623 was published Jan 16, 2026
A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing... Critical Unreviewed
CVE-2026-1009 was published Jan 16, 2026
Malicious website can execute commands on the local system through XSS in the OpenCode web UI Critical
CVE-2026-22813 was published for opencode-ai (npm) Jan 13, 2026
AlbertSPedersen Credited to AlbertSPedersen
An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0... Critical Unreviewed
CVE-2025-67289 was published Dec 22, 2025
An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting (XSS) issue in DriveLock... Critical Unreviewed
CVE-2025-67787 was published Dec 17, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site... Critical Unreviewed
CVE-2025-64539 was published Dec 10, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site... Critical Unreviewed
CVE-2025-64538 was published Dec 10, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site... Critical Unreviewed
CVE-2025-64537 was published Dec 10, 2025
Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote... Critical Unreviewed
CVE-2025-10573 was published Dec 9, 2025
In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar... Critical Unreviewed
CVE-2025-65267 was published Dec 3, 2025
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could... Critical Unreviewed
CVE-2025-64130 was published Nov 26, 2025
Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18... Critical Unreviewed
CVE-2025-60739 was published Nov 25, 2025
** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat... Critical Unreviewed
CVE-2025-63416 was published Nov 5, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-52734 was published Oct 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-52735 was published Oct 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-52741 was published Oct 22, 2025
Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU... Critical Unreviewed
CVE-2025-12001 was published Oct 21, 2025
Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS)... Critical Unreviewed
CVE-2025-49553 was published Oct 15, 2025
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-59978 was published Oct 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database