GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
69 advisories
Filter by severity
mediawiki/maps has stored XSS through the overlays parameter in the display_map parser function
High
CVE-2026-52854
was published
for
mediawiki/maps
(Composer)
Jul 2, 2026
Malicious HTML content contained in the layout specification of a PDF
ticket or badge layout was...
High
Unreviewed
CVE-2026-57532
was published
Jun 25, 2026
Gogs: XSS in .ipynb files renderer due to outdated notebookjs
High
GHSA-6vxv-wg6j-5qwp
was published
for
gogs.io/gogs
(Go)
Jun 19, 2026
StarCitizenWiki Extension Embed Video: Stored XSS via malformed src url with $wgEmbedVideoRequireConsent enabled
High
CVE-2026-55692
was published
for
starcitizenwiki/embedvideo
(Composer)
Jun 19, 2026
StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized class passed to template
High
CVE-2026-55691
was published
for
starcitizenwiki/embedvideo
(Composer)
Jun 19, 2026
StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized service name in exception text
High
CVE-2026-55690
was published
for
starcitizenwiki/embedvideo
(Composer)
Jun 19, 2026
Astro: Reflected XSS via unescaped slot name
High
CVE-2026-50146
was published
for
astro
(npm)
Jun 16, 2026
md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)
High
CVE-2026-46492
was published
for
md-fileserver
(npm)
May 21, 2026
Filament Unvalidated Range and Values summarizer values can be used for XSS
High
CVE-2026-33080
was published
for
filament/tables
(Composer)
Mar 18, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE...
High
Unreviewed
CVE-2024-2010
was published
Sep 12, 2024
YAFNET has Stored XSS in Forum Thread Posts/Replies that Allows Arbitrary JavaScript Execution for All Thread Viewers
High
CVE-2026-43939
was published
for
YAFNET.Core
(NuGet)
May 5, 2026
YAFNET has Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header
High
CVE-2026-43938
was published
for
YAFNET.Core
(NuGet)
May 5, 2026
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in...
High
Unreviewed
CVE-2026-6002
was published
May 7, 2026
@tdurieux/anonymous_github Vulnerable to XSS via Unsanitized GitHub Repository Content Rendering in Anonymous GitHub Origin
High
GHSA-g485-8j3v-p6x8
was published
for
@tdurieux/anonymous_github
(npm)
May 5, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
High
Unreviewed
CVE-2024-44061
was published
Oct 20, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2024-51689
was published
Nov 9, 2024
GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9...
High
Unreviewed
CVE-2026-2995
was published
Mar 25, 2026
JustHTML is vulnerable to XSS via code fence breakout in <pre> content
High
GHSA-5vp3-3cg6-2rq3
was published
for
justhtml
(pip)
Mar 24, 2026
n8n Vulnerable to Stored XSS via Various Nodes
High
CVE-2026-27578
was published
for
n8n
(npm)
Feb 25, 2026
Vikunja Vulnerable to XSS Via Task Preview
High
CVE-2026-25935
was published
for
code.vikunja.io/api
(Go)
Feb 11, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
High
Unreviewed
CVE-2025-60244
was published
Nov 6, 2025
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via...
High
Unreviewed
CVE-2025-14835
was published
Jan 7, 2026
Dolibarr Application Home Page has HTML injection vulnerability
High
CVE-2024-23817
was published
for
dolibarr/dolibarr
(Composer)
Apr 18, 2024
Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised...
High
Unreviewed
CVE-2025-39663
was published
Oct 30, 2025
Astro vulnerable to reflected XSS via the server islands feature
High
CVE-2025-64764
was published
for
astro
(npm)
Nov 19, 2025
ProTip!
Advisories are also available from the
GraphQL API