GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 55
GitHub Actions: 50
Go: 3,722
Maven: 5,000+
npm: 5,000+
NuGet: 935
pip: 4,943
Pub: 13
RubyGems: 1,055
Rust: 1,338
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+

42,101 advisories

The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable...
Moderate | Unreviewed | CVE-2024-13584 was published Jan 22, 2025

The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2024-13590 was published Jan 22, 2025

Apache Ranger has Stored Cross-site Scripting vulnerability in Edit Service Page
Moderate | CVE-2024-45478 was published for org.apache.ranger:ranger (Maven) Jan 22, 2025

Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows XSS. The fixed...
Moderate | Unreviewed | CVE-2024-55958 was published Jan 21, 2025

Homarr before v0.14.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability...
Moderate | Unreviewed | CVE-2023-45908 was published Jan 21, 2025

OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious...
Moderate | Unreviewed | CVE-2024-48392 was published Jan 21, 2025

XSS/HTML Injection Vulnerability in Umbraco Preview Badge
Moderate | CVE-2024-10761 was published for Umbraco.Cms (NuGet) Jan 21, 2025

MathLive's Lack of Escaping of HTML allows for XSS
Moderate | CVE-2025-29049 was published for mathlive (npm) Jan 21, 2025

Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet
Moderate | CVE-2025-22131 was published for phpoffice/phpexcel (Composer) Jan 21, 2025

Authenticated Stored XSS in YesWiki
High | CVE-2025-24018 was published for yeswiki/yeswiki (Composer) Jan 21, 2025

Unauthenticated DOM Based XSS in YesWiki
High | CVE-2025-24017 was published for yeswiki/yeswiki (Composer) Jan 21, 2025

XSS/HTML Injection Vulnerability in Umbraco Backoffice Components
Moderate | CVE-2025-24012 was published for @umbraco-cms/backoffice (npm) Jan 21, 2025

In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
Moderate | Unreviewed | CVE-2025-24459 was published Jan 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-22661 was published Jan 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-22267 was published Jan 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23454 was published Jan 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23489 was published Jan 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23580 was published Jan 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23551 was published Jan 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23994 was published Jan 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23461 was published Jan 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-22276 was published Jan 21, 2025

SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create...
Moderate | Unreviewed | CVE-2024-54795 was published Jan 21, 2025

PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view...
Moderate | Unreviewed | CVE-2024-56990 was published Jan 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-22709 was published Jan 21, 2025

ProTip! Advisories are also available from the GraphQL API.