GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,924 advisories

Opencast's Paella Player 7 is vulnerable to Cross-Site Scripting Moderate
CVE-2025-61788 was published for org.opencastproject:opencast-common (Maven) Oct 8, 2025
Credited to miesgre
Liferay Profile Widget does not prevent vCard extension spoofing Moderate
CVE-2025-43824 was published for com.liferay.portal:release.portal.bom (Maven) Oct 7, 2025
Duplicate Advisory: Flowise Stored XSS vulnerability through logs in chatbot High
GHSA-wq95-wr7m-26h4 was published for flowise (npm) Oct 6, 2025 withdrawn
Flowise Stored XSS vulnerability through logs in chatbot Moderate
GHSA-7r4h-vmj9-wg42 was published for flowise (npm) Oct 3, 2025
Credited to LIFE-team2024
Flowise vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel Critical
GHSA-964p-j4gg-mhwc was published for flowise (npm) Oct 3, 2025
Credited to mikensec
Flowise vulnerable to XSS Moderate
GHSA-4fr9-3x69-36wv was published for flowise (npm) Oct 3, 2025
Credited to quitbug
NiceGUI has a Reflected XSS Moderate
CVE-2025-53354 was published for nicegui (pip) Oct 3, 2025
Credited to oxqnd
Fiora chat group avatar is vulnerable to XSS via SVG files Low
CVE-2025-56515 was published for fiora (npm) Oct 1, 2025
Fiora chat user avatar is vulnerable to XSS via SVG files Low
CVE-2025-56514 was published for fiora (npm) Oct 1, 2025
Liferay Portal Vulnerable to XSS in Web Content translation Moderate
CVE-2025-43826 was published for com.liferay.portal:release.portal.bom (Maven) Oct 1, 2025
Joomla! CMS vulnerable to XSS via the input filter Moderate
CVE-2025-54476 was published for joomla/filter (Composer) Sep 30, 2025
Liferay Portal vulnerable to cross-site scripting in the web content template Moderate
CVE-2025-43812 was published for com.liferay.portal:release.portal.bom (Maven) Sep 30, 2025
Liferay Portal vulnerable to cross-site scripting in the related asset selector Moderate
CVE-2025-43811 was published for com.liferay:com.liferay.item.selector.web (Maven) Sep 30, 2025
Liferay Portal vulnerable to reflected cross-site scripting on the page configuration page Moderate
CVE-2025-43815 was published for com.liferay:com.liferay.product.navigation.control.menu.web (Maven) Sep 30, 2025
Liferay Portal vulnerable to reflected cross-site scripting via the `redirect` parameter Moderate
CVE-2025-43817 was published for com.liferay.portal:release.portal.bom (Maven) Sep 30, 2025
Liferay Portal vulnerable to cross-site scripting in the Calendar widget Moderate
CVE-2025-43820 was published for com.liferay.portal:release.portal.bom (Maven) Sep 30, 2025
Liferay Portal vulnerable to cross-site scripting in the Calendar widget Moderate
CVE-2025-43818 was published for com.liferay:com.liferay.calendar.web (Maven) Sep 30, 2025
PiranhaCMS stored XSS Moderate
CVE-2025-57692 was published for Piranha (NuGet) Sep 26, 2025
Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes High
CVE-2025-59839 was published for starcitizenwiki/embedvideo (Composer) Sep 24, 2025
Credited to SomeMWDev
Mangati NovoSGA XSS vulnerability in /admin Low
CVE-2025-10909 was published for novosga/novosga (Composer) Sep 24, 2025
GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability Low
CVE-2025-57407 was published for gp247/core (Composer) Sep 23, 2025
WSO2 carbon-apimgt affected by an authenticated stored cross-site scripting (XSS) vulnerability Moderate
CVE-2025-4760 was published for org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.api (Maven) Sep 23, 2025
Credited to cai0duque
DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile Moderate
CVE-2025-59821 was published for DotNetNuke.Core (NuGet) Sep 23, 2025
Credited to bdukes, david-poindexter, and valadas
DNN Vulnerable to Stored XSS Using Backend Admin Credentials Low
CVE-2025-59546 was published for DotNetNuke.Core (NuGet) Sep 23, 2025
Credited to bdukes, david-poindexter, and valadas