GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,904
Maven: 5,000+
npm: 5,000+
NuGet: 967
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,374
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
271 advisories
Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on...
Critical | Unreviewed | CVE-2026-25787 was published May 12, 2026

Affected devices do not properly validate and sanitize PLC/station name rendered on the ...
Critical | Unreviewed | CVE-2026-25786 was published May 12, 2026

Improper neutralization of input during web page generation ('cross-site scripting')...
Critical | Unreviewed | CVE-2025-14320 was published May 4, 2026

A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and...
Critical | Unreviewed | CVE-2026-40470 was published Apr 23, 2026

In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href...
Critical | Unreviewed | CVE-2026-40472 was published Apr 23, 2026

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting...
Critical | Unreviewed | CVE-2026-27243 was published Apr 14, 2026

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting...
Critical | Unreviewed | CVE-2026-27246 was published Apr 14, 2026

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting...
Critical | Unreviewed | CVE-2026-27245 was published Apr 14, 2026

A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and...
Critical | Unreviewed | CVE-2026-31845 was published Apr 11, 2026

Improper neutralization of input during web page generation ('cross-site scripting')...
Critical | Unreviewed | CVE-2026-39933 was published Apr 8, 2026

Blind Cross-Site Scripting (XSS) in Teampass, versions prior to 3.1.5.16, within the password...
Critical | Unreviewed | CVE-2026-3106 was published Mar 31, 2026

Stored Cross-Site Scripting (XSS) in Teampass versions prior to 3.1.5.16, affecting the password...
Critical | Unreviewed | CVE-2026-3107 was published Mar 31, 2026

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory...
Critical | Unreviewed | CVE-2026-30562 was published Mar 30, 2026

An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to execute arbitrary...
Critical | Unreviewed | CVE-2026-29859 was published Mar 18, 2026

Affected devices do not properly sanitize contents of trace files. This could allow an attacker...
Critical | Unreviewed | CVE-2025-40943 was published Mar 10, 2026

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical | Unreviewed | CVE-2026-3010 was published Feb 28, 2026

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files...
Critical | Unreviewed | CVE-2025-65717 was published Feb 16, 2026

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical | Unreviewed | CVE-2025-8668 was published Feb 11, 2026

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS)...
Critical | Unreviewed | CVE-2025-68723 was published Feb 5, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft...
Critical | Unreviewed | CVE-2026-21264 was published Jan 23, 2026

A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing...
Critical | Unreviewed | CVE-2026-1181 was published Jan 19, 2026

Lack of input filtering leads to a persistent XSS vulnerability in the user avatar text handling...
Critical | Unreviewed | CVE-2026-21624 was published Jan 16, 2026

Lack of input filtering leads to a persistent XSS vulnerability in the forum post handling of the...
Critical | Unreviewed | CVE-2026-21623 was published Jan 16, 2026

A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing...
Critical | Unreviewed | CVE-2026-1009 was published Jan 16, 2026

An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0...
Critical | Unreviewed | CVE-2025-67289 was published Dec 22, 2025
ProTip! Advisories are also available from the GraphQL API.