GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
311 advisories
Filter by severity
YesWiki Vulnerable to Reflected XSS via Unescaped `id` Parameter in Bazar Widget HTML Attributes
Moderate
CVE-2026-52774
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
YesWiki Vulnerable to Reflected XSS via Unescaped Archived-Revision `time` Parameter in `handlers/page/show.php`
Moderate
CVE-2026-52773
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-7380
was published
Jul 7, 2026
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A...
Moderate
Unreviewed
CVE-2025-36321
was published
Jun 30, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-50229
was published
Jun 29, 2026
Unauthenticated Content Injection in Auros Core <= 5.3.1 versions.
Moderate
Unreviewed
CVE-2025-64637
was published
Jun 26, 2026
Malicious HTML content could be injected into the email address of an
order, which pretix showed...
Moderate
Unreviewed
CVE-2026-13225
was published
Jun 25, 2026
Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS
Moderate
CVE-2026-52816
was published
for
gogs.io/gogs
(Go)
Jun 23, 2026
OctoPrint has XSS in its Suppressed Command Notifications
Moderate
CVE-2026-35163
was published
for
OctoPrint
(pip)
Jun 23, 2026
An authenticated user can perform XSS.
This issue affects Apache Atlas versions 2.4.0 and...
Moderate
Unreviewed
CVE-2025-62198
was published
Jun 22, 2026
Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient...
Moderate
Unreviewed
CVE-2025-71331
was published
Jun 20, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-34033
was published
Jun 9, 2026
A reflected cross-site scripting issue exists in URL handling.
Moderate
Unreviewed
CVE-2026-9646
was published
May 28, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-39642
was published
May 26, 2026
Open WebUI Has Stored Cross-Site Scripting in SVG Renderer
Moderate
CVE-2026-45346
was published
for
open-webui
(npm)
May 14, 2026
The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate
Unreviewed
CVE-2025-15345
was published
May 14, 2026
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated...
Moderate
Unreviewed
CVE-2021-47948
was published
May 10, 2026
Weblate vulnerable to XSS via crafted Markdown
Moderate
CVE-2026-44264
was published
for
weblate
(pip)
May 7, 2026
PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer
Moderate
CVE-2026-35453
was published
for
phpoffice/phpspreadsheet
(Composer)
Apr 28, 2026
Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a...
Moderate
Unreviewed
CVE-2026-1564
was published
Apr 16, 2026
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have...
Moderate
Unreviewed
CVE-2026-20170
was published
Apr 15, 2026
XWiki has Reflected Cross-Site Scripting (XSS) in page history compare
Moderate
CVE-2026-40105
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Apr 14, 2026
A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The...
Moderate
Unreviewed
CVE-2026-26460
was published
Apr 13, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-39712
was published
Apr 8, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-39628
was published
Apr 8, 2026
ProTip!
Advisories are also available from the
GraphQL API