GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
278 advisories

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could...
Moderate | Unreviewed | CVE-2025-66486 was published Apr 2, 2026

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2026-1834 was published Mar 31, 2026

The Query Monitor plugin for WordPress has Reflected Cross-Site Scripting via Request URI
Moderate | CVE-2026-4267 was published for johnbillion/query-monitor (Composer) Mar 19, 2026

LeafKit's HTML escaping may be skipped for Collection values, enabling XSS
Moderate | CVE-2026-28499 was published for leaf-kit (Swift) Mar 16, 2026

A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security...
Moderate | Unreviewed | CVE-2026-20070 was published Mar 4, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate | Unreviewed | CVE-2026-28132 was published Feb 26, 2026

Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module
Moderate | CVE-2026-27116 was published for code.vikunja.io/api (Go) Feb 25, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate | Unreviewed | CVE-2026-25006 was published Feb 19, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate | Unreviewed | CVE-2026-22422 was published Feb 19, 2026

IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could...
Moderate | Unreviewed | CVE-2025-14289 was published Feb 17, 2026

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2025-12803 was published Feb 7, 2026

Navidrome has XSS via comment from song metadata
Moderate | CVE-2026-25578 was published for github.com/navidrome/navidrome (Go) Feb 4, 2026

ERPNext thru 15.88.1 does not sanitize or remove certain HTML tags specifically `<a>` hyperlinks...
Moderate | Unreviewed | CVE-2025-65924 was published Feb 3, 2026

A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a...
Moderate | Unreviewed | CVE-2025-45160 was published Jan 29, 2026

XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages
Moderate | CVE-2026-24128 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Jan 23, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate | Unreviewed | CVE-2026-24564 was published Jan 23, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate | Unreviewed | CVE-2026-22469 was published Jan 22, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate | Unreviewed | CVE-2025-47600 was published Jan 22, 2026

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker...
Moderate | Unreviewed | CVE-2025-36397 was published Jan 20, 2026

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) and...
Moderate | Unreviewed | CVE-2026-20047 was published Jan 15, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate | Unreviewed | CVE-2025-69169 was published Jan 8, 2026

The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2025-14792 was published Jan 7, 2026

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2025-15058 was published Jan 7, 2026

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker...
Moderate | Unreviewed | CVE-2025-36230 was published Dec 26, 2025

The "Amazon affiliate lite Plugin" plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2025-14735 was published Dec 20, 2025