GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
330 advisories
Argo CD allows cross-site scripting on repositories page
Critical | CVE-2025-47933 was published for github.com/argoproj/argo-cd (Go) May 28, 2025

The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted...
Critical | Unreviewed | CVE-2024-4180 was published Jun 4, 2024

Gogs vulnerable to Cross-site Scripting
Critical | CVE-2022-32174 was published for gogs.io/gogs (Go) Oct 11, 2022

In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to...
Critical | Unreviewed | CVE-2022-42711 was published Oct 12, 2022

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at...
Critical | Unreviewed | CVE-2022-41391 was published Oct 14, 2022

Improper Input validation leads to XSS or Cross-site Scripting vulnerability in OpenText Advance...
Critical | Unreviewed | CVE-2024-10865 was published May 14, 2025

Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS)...
Critical | Unreviewed | CVE-2025-43567 was published May 13, 2025

SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because...
Critical | Unreviewed | CVE-2024-2692 was published Apr 4, 2024

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8,...
Critical | Unreviewed | CVE-2022-2826 was published Oct 29, 2022

Nuclide Improper Input Validation
Critical | CVE-2018-6333 was published for nuclide (npm) May 13, 2022

In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names...
Critical | Unreviewed | CVE-2021-43523 was published May 24, 2022

org.xwiki.contrib.markdown:syntax-markdown-commonmark12 vulnerable to XSS via Markdown content
Critical | CVE-2025-46558 was published for org.xwiki.contrib.markdown:syntax-markdown-commonmark12 (Maven) Apr 30, 2025

Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php...
Critical | Unreviewed | CVE-2022-36180 was published Nov 22, 2022

Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low...
Critical | Unreviewed | CVE-2022-37720 was published Nov 25, 2022

A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2...
Critical | Unreviewed | CVE-2022-31358 was published Dec 14, 2022

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery...
Critical | Unreviewed | CVE-2016-9470 was published May 13, 2022

Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page.
Critical | Unreviewed | CVE-2022-40434 was published Dec 20, 2022

Due to lack of server-side input validation, attackers can inject malicious JavaScript code into...
Critical | Unreviewed | CVE-2025-24297 was published Apr 16, 2025

Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360...
Critical | Unreviewed | CVE-2022-47523 was published Jan 5, 2023

MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution
Critical | CVE-2024-27133 was published for mlflow (pip) Feb 24, 2024

pgAdmin 4 Vulnerable to Cross-Site Scripting (XSS) via Query Result Rendering
Critical | CVE-2025-2946 was published for pgadmin4 (pip) Apr 3, 2025

The specific component in Celk Saude 3.1.252.1 that processes user input and returns error...
Critical | Unreviewed | CVE-2024-48761 was published Jan 30, 2025

Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input
Critical | CVE-2025-30223 was published for github.com/beego/beego (Go) Mar 31, 2025

An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the...
Critical | Unreviewed | CVE-2024-8017 was published Mar 20, 2025

ProTip! Advisories are also available from the GraphQL API.