Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,955
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

465 advisories

Loading
Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin High
CVE-2025-4123 was published for github.com/grafana/grafana (Go) May 22, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file High
CVE-2024-56408 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
zly123987
Jenkins Health Advisor by CloudBees Plugin Vulnerable to Cross-Site Scripting High
CVE-2025-47885 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) May 14, 2025
label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter. High
CVE-2025-47783 was published for label-studio (pip) May 15, 2025
Medok228
Graylog Allows Session Takeover via Insufficient HTML Sanitization High
CVE-2025-46827 was published for org.graylog2:graylog2-server (Maven) May 7, 2025
fabsx00
Graylog Allows Stored Cross-Site Scripting via Files Plugin and API Browser High
GHSA-q9q2-3ppx-mwqf was published for org.graylog2:graylog2-server (Maven) May 7, 2025
fabsx00
Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS) High
CVE-2022-45401 was published for org.jenkins-ci.main:associated-files-plugin (Maven) Nov 16, 2022
NotMyFault
YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting High
CVE-2025-46349 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
Browsershot does not validate URL protocols passed to Browsershot URL method High
CVE-2022-41706 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607
Rancher UI has Stored Cross-site Scripting vulnerability High
CVE-2024-52281 was published for github.com/rancher/rancher (Go) Jan 14, 2025
phpMyAdmin allows remote attackers to spoof content via the url parameter High
CVE-2015-7873 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Open WebUI stored cross-site scripting (XSS) vulnerability High
CVE-2024-7990 was published for open-webui (pip) Mar 20, 2025
Open WebUI Vulnerable to a Session Fixation Attack High
CVE-2024-7053 was published for open-webui (pip) Mar 20, 2025
Jenkins AnchorChain Plugin Has a Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-30196 was published for org.jenkins-ci.plugins:anchorchain (Maven) Mar 19, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downloader class High
CVE-2024-56365 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in the Accounting.php file High
CVE-2024-56366 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in Currency.php file High
CVE-2024-56409 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
Magento Open Source allows Cross-Site Scripting (XSS) High
CVE-2024-20719 was published for magento/community-edition (Composer) Feb 15, 2024
Magento Open Source allows Stored Cross-Site Scripting (Stored XSS) High
CVE-2022-35698 was published for magento/community-edition (Composer) Oct 15, 2022
Magento stored Cross-Site Scripting (XSS) vulnerability High
CVE-2025-24438 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24417 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24412 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24413 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24415 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24416 was published for magento/community-edition (Composer) Feb 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database