Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,757
Maven
5,000+
npm
4,363
NuGet
765
pip
4,128
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

34,930 advisories

Loading
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality. Moderate Unreviewed
CVE-2025-65591 was published Dec 16, 2025
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality... Moderate Unreviewed
CVE-2025-65590 was published Dec 16, 2025
WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows... Moderate Unreviewed
CVE-2023-53903 was published Dec 16, 2025
Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG... Low Unreviewed
CVE-2023-53900 was published Dec 16, 2025
Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow... Moderate Unreviewed
CVE-2023-53897 was published Dec 16, 2025
Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticated... Moderate Unreviewed
CVE-2023-53898 was published Dec 16, 2025
A stored cross-site scripting (XSS) vulnerability in the page_save component of Linksys E5600 V1... Moderate Unreviewed
CVE-2025-29231 was published Dec 16, 2025
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup Moderate Unreviewed
CVE-2025-68165 was published Dec 16, 2025
In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page Low Unreviewed
CVE-2025-68163 was published Dec 16, 2025
In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page Moderate Unreviewed
CVE-2025-68268 was published Dec 16, 2025
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab Moderate Unreviewed
CVE-2025-68166 was published Dec 16, 2025
The Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's... Moderate Unreviewed
CVE-2025-11220 was published Dec 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Unknown Unreviewed
CVE-2025-68078 was published Dec 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Unknown Unreviewed
CVE-2025-68070 was published Dec 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-67986 was published Dec 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-68076 was published Dec 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-68079 was published Dec 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-68077 was published Dec 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-68080 was published Dec 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Unknown Unreviewed
CVE-2025-67983 was published Dec 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-67951 was published Dec 16, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-67912 was published Dec 16, 2025
Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated... Moderate Unreviewed
CVE-2023-53880 was published Dec 15, 2025
JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL... Moderate Unreviewed
CVE-2023-53882 was published Dec 15, 2025
Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to... Moderate Unreviewed
CVE-2023-53887 was published Dec 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database