GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
311 advisories
Filter by severity
YesWiki Vulnerable to Reflected XSS via Unescaped `id` Parameter in Bazar Widget HTML Attributes
Moderate
CVE-2026-52774
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
YesWiki Vulnerable to Reflected XSS via Unescaped Archived-Revision `time` Parameter in `handlers/page/show.php`
Moderate
CVE-2026-52773
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
HTML Injection in ActiveMQ Artemis Web Console
Moderate
CVE-2022-35278
was published
for
org.apache.activemq:artemis-server
(Maven)
Aug 24, 2022
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-7380
was published
Jul 7, 2026
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A...
Moderate
Unreviewed
CVE-2025-36321
was published
Jun 30, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-50229
was published
Jun 29, 2026
Unauthenticated Content Injection in Auros Core <= 5.3.1 versions.
Moderate
Unreviewed
CVE-2025-64637
was published
Jun 26, 2026
Malicious HTML content could be injected into the email address of an
order, which pretix showed...
Moderate
Unreviewed
CVE-2026-13225
was published
Jun 25, 2026
An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an...
Moderate
Unreviewed
CVE-2022-35509
was published
Aug 11, 2022
Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS
Moderate
CVE-2026-52816
was published
for
gogs.io/gogs
(Go)
Jun 23, 2026
OctoPrint has XSS in its Suppressed Command Notifications
Moderate
CVE-2026-35163
was published
for
OctoPrint
(pip)
Jun 23, 2026
An authenticated user can perform XSS.
This issue affects Apache Atlas versions 2.4.0 and...
Moderate
Unreviewed
CVE-2025-62198
was published
Jun 22, 2026
Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient...
Moderate
Unreviewed
CVE-2025-71331
was published
Jun 20, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-34033
was published
Jun 9, 2026
Django Filer Unrestricted Upload of File with Dangerous Type
Moderate
CVE-2024-11404
was published
for
django-filer
(pip)
Nov 20, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2024-9147
was published
Nov 4, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2023-1013
was published
Mar 30, 2023
A reflected cross-site scripting issue exists in URL handling.
Moderate
Unreviewed
CVE-2026-9646
was published
May 28, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-39642
was published
May 26, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2023-4663
was published
Sep 15, 2023
Open WebUI Has Stored Cross-Site Scripting in SVG Renderer
Moderate
CVE-2026-45346
was published
for
open-webui
(npm)
May 14, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2021-44196
was published
Mar 7, 2023
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2021-44197
was published
Mar 7, 2023
The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate
Unreviewed
CVE-2025-15345
was published
May 14, 2026
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated...
Moderate
Unreviewed
CVE-2021-47948
was published
May 10, 2026
ProTip!
Advisories are also available from the
GraphQL API