GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
241 advisories
Filter by severity
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-7380
was published
Jul 7, 2026
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A...
Moderate
Unreviewed
CVE-2025-36321
was published
Jun 30, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-50229
was published
Jun 29, 2026
Unauthenticated Content Injection in Auros Core <= 5.3.1 versions.
Moderate
Unreviewed
CVE-2025-64637
was published
Jun 26, 2026
Malicious HTML content could be injected into the email address of an
order, which pretix showed...
Moderate
Unreviewed
CVE-2026-13225
was published
Jun 25, 2026
An authenticated user can perform XSS.
This issue affects Apache Atlas versions 2.4.0 and...
Moderate
Unreviewed
CVE-2025-62198
was published
Jun 22, 2026
Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient...
Moderate
Unreviewed
CVE-2025-71331
was published
Jun 20, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-34033
was published
Jun 9, 2026
A reflected cross-site scripting issue exists in URL handling.
Moderate
Unreviewed
CVE-2026-9646
was published
May 28, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-39642
was published
May 26, 2026
The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate
Unreviewed
CVE-2025-15345
was published
May 14, 2026
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated...
Moderate
Unreviewed
CVE-2021-47948
was published
May 10, 2026
Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a...
Moderate
Unreviewed
CVE-2026-1564
was published
Apr 16, 2026
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have...
Moderate
Unreviewed
CVE-2026-20170
was published
Apr 15, 2026
A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The...
Moderate
Unreviewed
CVE-2026-26460
was published
Apr 13, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-39712
was published
Apr 8, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-39628
was published
Apr 8, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-39629
was published
Apr 8, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-39626
was published
Apr 8, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-39625
was published
Apr 8, 2026
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-39837
was published
Apr 7, 2026
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-39841
was published
Apr 7, 2026
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2026-39839
was published
Apr 7, 2026
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could...
Moderate
Unreviewed
CVE-2025-66486
was published
Apr 2, 2026
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2026-1834
was published
Mar 31, 2026
ProTip!
Advisories are also available from the
GraphQL API