GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
364 advisories
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could...
Moderate, Unreviewed: CVE-2025-66486 was published on Apr 2, 2026
An attacker might be able to inject HTML content into the internal web dashboard by sending...
Low, Unreviewed: CVE-2026-0396 was published on Mar 31, 2026
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate, Unreviewed: CVE-2026-1834 was published on Mar 31, 2026
Home Assistant has stored XSS in Map-card through malicious device name
Low: CVE-2026-33044 was published for homeassistant (pip) on Mar 27, 2026
OpenBao has Reflected XSS in its OIDC authentication error message
Critical: CVE-2026-33758 was published for github.com/openbao/openbao (Go) on Mar 26, 2026
GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9...
High, Unreviewed: CVE-2026-2995 was published on Mar 25, 2026
JustHTML is vulnerable to XSS via code fence breakout in <pre> content
High: GHSA-5vp3-3cg6-2rq3 was published for justhtml (pip) on Mar 24, 2026
The Query Monitor plugin for WordPress has Reflected Cross-Site Scripting via Request URI
Moderate: CVE-2026-4267 was published for johnbillion/query-monitor (Composer) on Mar 19, 2026
Filament Unvalidated Range and Values summarizer values can be used for XSS
High: CVE-2026-33080 was published for filament/tables (Composer) on Mar 18, 2026
XSS in @leanprover/unicode-input-component
Low: CVE-2026-32732 was published for @leanprover/unicode-input-component (npm) on Mar 16, 2026
LeafKit's HTML escaping may be skipped for Collection values, enabling XSS
Moderate: CVE-2026-28499 was published for leaf-kit (Swift) on Mar 16, 2026
A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security...
Moderate, Unreviewed: CVE-2026-20070 was published on Mar 4, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate, Unreviewed: CVE-2026-28132 was published on Feb 26, 2026
n8n Vulnerable to Stored XSS via Various Nodes
High: CVE-2026-27578 was published for n8n (npm) on Feb 25, 2026
Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module
Moderate: CVE-2026-27116 was published for code.vikunja.io/api (Go) on Feb 25, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate, Unreviewed: CVE-2026-25006 was published on Feb 19, 2026
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate, Unreviewed: CVE-2026-22422 was published on Feb 19, 2026
IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could...
Moderate, Unreviewed: CVE-2025-14289 was published on Feb 17, 2026
Vikunja Vulnerable to XSS Via Task Preview
High: CVE-2026-25935 was published for code.vikunja.io/api (Go) on Feb 11, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18...
Low, Unreviewed: CVE-2026-1282 was published on Feb 11, 2026
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate, Unreviewed: CVE-2025-12803 was published on Feb 7, 2026
Navidrome has XSS via comment from song metadata
Moderate: CVE-2026-25578 was published for github.com/navidrome/navidrome (Go) on Feb 4, 2026
ERPNext thru 15.88.1 does not sanitize or remove certain HTML tags specifically `<a>` hyperlinks...
Moderate, Unreviewed: CVE-2025-65924 was published on Feb 3, 2026
A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a...
Moderate, Unreviewed: CVE-2025-45160 was published on Jan 29, 2026
XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages
Moderate: CVE-2026-24128 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) on Jan 23, 2026