Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,885
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,212
NuGet
744
pip
3,988
Pub
12
RubyGems
950
Rust
1,038
Swift
45
Unreviewed advisories
All unreviewed
5,000+

364 advisories

Loading
Flowise vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel Critical
GHSA-964p-j4gg-mhwc was published for flowise (npm) Oct 3, 2025
mikensec
Credited to mikensec
DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module Critical
CVE-2025-59545 was published for DotNetNuke.Core (NuGet) Sep 23, 2025
bdukes valadas
mitchelsellers
Credited to bdukes, valadas, and mitchelsellers
Scholl Communications AG Weblication CMS Core v019.004.000.000 was discovered to contain a cross... Critical Unreviewed
CVE-2025-52161 was published Sep 8, 2025
An Cross-Site Scripting (XSS) vulnerability in DeepSeek R1 through V3.1 allows a remote attacker... Critical Unreviewed
CVE-2025-26210 was published Sep 3, 2025
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS)... Critical Unreviewed
CVE-2025-34157 was published Aug 27, 2025
Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack... Critical Unreviewed
CVE-2024-12223 was published Aug 20, 2025
Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report... Critical Unreviewed
CVE-2025-50754 was published Aug 4, 2025
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter ... Critical Unreviewed
CVE-2025-44136 was published Jul 29, 2025
A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for... Critical Unreviewed
CVE-2025-54299 was published Jul 28, 2025
A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered. Critical Unreviewed
CVE-2025-54298 was published Jul 28, 2025
Cross Site Scripting vulnerability in grav v.1.7.48 and before allows an attacker to execute... Critical Unreviewed
CVE-2025-46199 was published Jul 25, 2025
A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter... Critical Unreviewed
CVE-2025-41420 was published Jul 24, 2025
A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality... Critical Unreviewed
CVE-2025-53084 was published Jul 24, 2025
A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId... Critical Unreviewed
CVE-2025-46410 was published Jul 24, 2025
A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter... Critical Unreviewed
CVE-2025-50128 was published Jul 24, 2025
A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2... Critical Unreviewed
CVE-2020-26799 was published Jul 21, 2025
pyLoad vulnerable to XSS through insecure CAPTCHA Critical
CVE-2025-53890 was published for pyload-ng (pip) Jul 15, 2025
odaysec
Credited to odaysec
XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax Critical
CVE-2025-53835 was published for org.xwiki.rendering:xwiki-rendering-syntax-xhtml (Maven) Jul 14, 2025
lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cross-site scripting (XSS). An... Critical Unreviewed
CVE-2025-4779 was published Jul 7, 2025
User-controlled inputs are improperly escaped in: * VotePage.php (poll option input) ... Critical Unreviewed
CVE-2025-53484 was published Jul 4, 2025
Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the... Critical Unreviewed
CVE-2025-53599 was published Jul 4, 2025
A Cross-Site Scripting (XSS) vulnerability has been identified in Psono-Client’s handling of... Critical Unreviewed
CVE-2025-1987 was published Jun 22, 2025
Magneto contains stored XSS vulnerability Critical
CVE-2025-47110 was published for magento/community-edition (Composer) Jun 10, 2025
Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to... Critical Unreviewed
CVE-2025-44148 was published Jun 3, 2025
Argo CD allows cross-site scripting on repositories page Critical
CVE-2025-47933 was published for github.com/argoproj/argo-cd (Go) May 28, 2025
Ry0taK crenshaw-dev
Credited to Ry0taK and crenshaw-dev
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database