GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
415 advisories
Filter by severity
YesWiki Vulnerable to Reflected XSS via Unescaped `id` Parameter in Bazar Widget HTML Attributes
Moderate
CVE-2026-52774
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
YesWiki Vulnerable to Reflected XSS via Unescaped Archived-Revision `time` Parameter in `handlers/page/show.php`
Moderate
CVE-2026-52773
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-7380
was published
Jul 7, 2026
mediawiki/maps has stored XSS through the overlays parameter in the display_map parser function
High
CVE-2026-52854
was published
for
mediawiki/maps
(Composer)
Jul 2, 2026
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A...
Moderate
Unreviewed
CVE-2025-36321
was published
Jun 30, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-50229
was published
Jun 29, 2026
Unauthenticated Content Injection in Auros Core <= 5.3.1 versions.
Moderate
Unreviewed
CVE-2025-64637
was published
Jun 26, 2026
Malicious HTML content could be injected into the page pretix shows when
redirection to an...
Low
Unreviewed
CVE-2026-57533
was published
Jun 25, 2026
Malicious HTML content could be injected into the content of a page in the pretix-pages plugin.
Low
Unreviewed
CVE-2026-57534
was published
Jun 25, 2026
Content injected to PDF rendering contexts could, in many places, include HTML content including ...
Low
Unreviewed
CVE-2026-57535
was published
Jun 25, 2026
Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.
Low
Unreviewed
CVE-2026-13314
was published
Jun 25, 2026
Malicious HTML content contained in the layout specification of a PDF
ticket or badge layout was...
High
Unreviewed
CVE-2026-57532
was published
Jun 25, 2026
Malicious HTML content could be injected into the email address of an
order, which pretix showed...
Moderate
Unreviewed
CVE-2026-13225
was published
Jun 25, 2026
Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS
Moderate
CVE-2026-52816
was published
for
gogs.io/gogs
(Go)
Jun 23, 2026
OctoPrint has XSS in its Suppressed Command Notifications
Moderate
CVE-2026-35163
was published
for
OctoPrint
(pip)
Jun 23, 2026
An authenticated user can perform XSS.
This issue affects Apache Atlas versions 2.4.0 and...
Moderate
Unreviewed
CVE-2025-62198
was published
Jun 22, 2026
Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient...
Moderate
Unreviewed
CVE-2025-71331
was published
Jun 20, 2026
Gogs: XSS in .ipynb files renderer due to outdated notebookjs
High
GHSA-6vxv-wg6j-5qwp
was published
for
gogs.io/gogs
(Go)
Jun 19, 2026
StarCitizenWiki Extension Embed Video: Stored XSS via malformed src url with $wgEmbedVideoRequireConsent enabled
High
CVE-2026-55692
was published
for
starcitizenwiki/embedvideo
(Composer)
Jun 19, 2026
StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized class passed to template
High
CVE-2026-55691
was published
for
starcitizenwiki/embedvideo
(Composer)
Jun 19, 2026
StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized service name in exception text
High
CVE-2026-55690
was published
for
starcitizenwiki/embedvideo
(Composer)
Jun 19, 2026
Astro: Reflected XSS via unescaped slot name
High
CVE-2026-50146
was published
for
astro
(npm)
Jun 16, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-34033
was published
Jun 9, 2026
A reflected cross-site scripting issue exists in URL handling.
Moderate
Unreviewed
CVE-2026-9646
was published
May 28, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-39642
was published
May 26, 2026
ProTip!
Advisories are also available from the
GraphQL API