Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,825
Erlang
36
GitHub Actions
32
Go
2,417
Maven
5,000+
npm
4,054
NuGet
723
pip
3,845
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,968 advisories

Loading
Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page Moderate
CVE-2025-8571 was published for concrete5/concrete5 (Composer) Aug 6, 2025
XWiki allows Reflected XSS in two templates Moderate
CVE-2025-32430 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Aug 5, 2025
Liferay Portal CAPTCHA Bypass for Gogo Shell Moderate
CVE-2025-4604 was published for com.liferay:com.liferay.captcha.impl (Maven) Aug 5, 2025
Apache Zeppelin: XSS in the Helium module Moderate
CVE-2024-41177 was published for org.apache.zeppelin:zeppelin-web (Maven) Aug 3, 2025
Microweber has Reflected XSS Vulnerability in the id Parameter Moderate
CVE-2025-51501 was published for microweber/microweber (Composer) Aug 1, 2025
Microweber has Reflected XSS Vulnerability in the layout Parameter Moderate
CVE-2025-51502 was published for microweber/microweber (Composer) Aug 1, 2025
Microweber XSS Vulnerability in the homepage Endpoint Moderate
CVE-2025-51504 was published for microweber/microweber (Composer) Aug 1, 2025
copyparty Reflected XSS via Filter Parameter Moderate
CVE-2025-54589 was published for copyparty (pip) Jul 31, 2025
Ju0x
Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability in the Image Plugin Moderate
CVE-2025-24854 was published for org.apache.jspwiki:jspwiki-main (Maven) Jul 31, 2025
Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability via Header Link Rendering Moderate
CVE-2025-24853 was published for org.apache.jspwiki:jspwiki-main (Maven) Jul 31, 2025
Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs Moderate
CVE-2025-50738 was published for github.com/usememos/memos (Go) Jul 29, 2025
copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata Moderate
CVE-2025-54423 was published for copyparty (pip) Jul 28, 2025
altperfect
Withdrawn Advisory: CodeIgniter4 Cross-Site Scripting Vulnerability in debugbar_time Parameter Moderate
CVE-2025-45406 was published for codeigniter4/framework (Composer) Jul 25, 2025 withdrawn
michalsn
Mezzanine CMS vulnerable to Cross-site Scripting Moderate
CVE-2025-50481 was published for Mezzanine (pip) Jul 23, 2025
Harbor repository description page has Cross-site Scripting vulnerability Moderate
CVE-2025-32019 was published for github.com/goharbor/harbor (Go) Jul 23, 2025
Aim vulnerable to Cross-site Scripting Moderate
CVE-2025-51464 was published for aim (pip) Jul 22, 2025
vue-i18n's escapeParameterHtml does not prevent DOM-based XSS through its tag attributes Moderate
CVE-2025-53892 was published for @intlify/core (npm) Jul 16, 2025
luoingly
Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console Moderate
CVE-2024-10032 was published for org.glassfish.main.admingui:console-cluster-plugin (Maven) Jul 16, 2025
Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications Moderate
CVE-2024-10031 was published for org.glassfish.main.admingui:console-common (Maven) Jul 16, 2025
Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console Moderate
CVE-2024-9343 was published for org.glassfish.main.admingui:console-common (Maven) Jul 16, 2025
Eclipse GlassFish is vulnerable to Reflected XSS attacks through its Administration Console Moderate
CVE-2024-10029 was published for org.glassfish.main.admingui:console-cluster-plugin (Maven) Jul 16, 2025
Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates Moderate
CVE-2025-53865 was published for roundup (pip) Jul 13, 2025
@pdfme/common vulnerable to to XSS and Prototype Pollution through its expression evaluation Moderate
CVE-2025-53626 was published for @pdfme/common (npm) Jul 10, 2025
arkark
Cockpit - Content Platform vulnerable to XSS through name or email argument names Moderate
CVE-2025-7053 was published for cockpit-hq/cockpit (Composer) Jul 4, 2025
Gogs XSS allowed by stored call in PDF renderer Moderate
CVE-2025-47943 was published for github.com/gogs/gogs (Go) Jun 26, 2025
edoardottt
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database