GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
70 advisories
Filter by severity
YesWiki Vulnerable to Reflected XSS via Unescaped `id` Parameter in Bazar Widget HTML Attributes
Moderate
CVE-2026-52774
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
YesWiki Vulnerable to Reflected XSS via Unescaped Archived-Revision `time` Parameter in `handlers/page/show.php`
Moderate
CVE-2026-52773
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS
Moderate
CVE-2026-52816
was published
for
gogs.io/gogs
(Go)
Jun 23, 2026
OctoPrint has XSS in its Suppressed Command Notifications
Moderate
CVE-2026-35163
was published
for
OctoPrint
(pip)
Jun 23, 2026
Open WebUI Has Stored Cross-Site Scripting in SVG Renderer
Moderate
CVE-2026-45346
was published
for
open-webui
(npm)
May 14, 2026
Weblate vulnerable to XSS via crafted Markdown
Moderate
CVE-2026-44264
was published
for
weblate
(pip)
May 7, 2026
PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer
Moderate
CVE-2026-35453
was published
for
phpoffice/phpspreadsheet
(Composer)
Apr 28, 2026
XWiki has Reflected Cross-Site Scripting (XSS) in page history compare
Moderate
CVE-2026-40105
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Apr 14, 2026
The Query Monitor plugin for WordPress has Reflected Cross-Site Scripting via Request URI
Moderate
CVE-2026-4267
was published
for
johnbillion/query-monitor
(Composer)
Mar 19, 2026
LeafKit's HTML escaping may be skipped for Collection values, enabling XSS
Moderate
CVE-2026-28499
was published
for
github.com/vapor/leaf-kit
(Swift)
Mar 16, 2026
Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module
Moderate
CVE-2026-27116
was published
for
code.vikunja.io/api
(Go)
Feb 25, 2026
Navidrome has XSS via comment from song metadata
Moderate
CVE-2026-25578
was published
for
github.com/navidrome/navidrome
(Go)
Feb 4, 2026
XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages
Moderate
CVE-2026-24128
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jan 23, 2026
XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication
Moderate
CVE-2025-66472
was published
for
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
(Maven)
Dec 10, 2025
Apache SkyWalking has a stored XSS vulnerability
Moderate
CVE-2025-54057
was published
for
org.apache.skywalking:apm-webapp
(Maven)
Nov 27, 2025
OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
Moderate
CVE-2025-64187
was published
for
octoprint
(pip)
Nov 4, 2025
bagisto has Cross Site Scripting (XSS) in Create New Customer
Moderate
CVE-2025-62414
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG)
Moderate
CVE-2025-62418
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)
Moderate
CVE-2025-62415
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2025-55672
was published
for
apache-superset
(pip)
Aug 14, 2025
Duplicate Advisory: Leantime affected by Improper Neutralization of HTML Tags
Moderate
GHSA-jf6p-4hgv-v6qh
was published
for
leantime/leantime
(Composer)
Mar 28, 2025
•
withdrawn
Froxlor has an HTML Injection Vulnerability
Moderate
CVE-2025-48958
was published
for
froxlor/froxlor
(Composer)
Mar 11, 2025
In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim
Moderate
CVE-2025-27155
was published
for
github.com/matrix-org/pinecone
(Go)
Mar 4, 2025
Formwork has a cross-site scripting (XSS) vulnerability in Site title
Moderate
GHSA-vf6x-59hh-332f
was published
for
getformwork/formwork
(Composer)
Mar 1, 2025
Leantime affected by Improper Neutralization of HTML Tags
Moderate
CVE-2025-28254
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
ProTip!
Advisories are also available from the
GraphQL API