Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,016
Maven
5,000+
npm
4,737
NuGet
814
pip
4,347
Pub
12
RubyGems
987
Rust
1,140
Swift
50
Unreviewed advisories
All unreviewed
5,000+

130 advisories

Loading
Isso affected by Stored XSS via comment website field Moderate
CVE-2026-27469 was published for isso (pip) Feb 24, 2026
ByamB4 jelmer
Credited to ByamB4 and jelmer
LibreNMS has a Stored XSS in Custom OID - unit parameter missing strip_tags() Moderate
CVE-2026-27016 was published for librenms/librenms (Composer) Feb 18, 2026
decsecre583
Credited to decsecre583
Tanium addressed an improper output sanitization vulnerability in Tanium Appliance. Moderate Unreviewed
CVE-2025-15312 was published Feb 5, 2026
HtmlSanitizer has a bypass via template tag Moderate
CVE-2026-25543 was published for HtmlSanitizer (NuGet) Feb 3, 2026
nsysean
Credited to nsysean
CSS-based exfiltration of the content from partially encrypted emails when allowing remote... Moderate Unreviewed
CVE-2026-0818 was published Jan 28, 2026
SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send... Moderate Unreviewed
CVE-2025-42896 was published Dec 9, 2025
There is a Denial of Service(DoS)vulnerability in the ZTE MC889A Pro product. Due to insufficient... Moderate Unreviewed
CVE-2025-46583 was published Oct 27, 2025
A malicious page could have used the type attribute of an OBJECT tag to override the default... Moderate Unreviewed
CVE-2025-11712 was published Oct 14, 2025
python-ldap is Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination Moderate
CVE-2025-61912 was published for python-ldap (pip) Oct 10, 2025
aradona91
Credited to aradona91
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-0607 was published Oct 6, 2025
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed
CVE-2025-46703 was published Sep 19, 2025
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed
CVE-2025-57880 was published Sep 19, 2025
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed
CVE-2025-48007 was published Sep 19, 2025
Element Plus Link component (el-link) implements insufficient input validation for the href attribute Moderate
CVE-2025-57665 was published for element-plus (npm) Sep 9, 2025
EwenDC
Credited to EwenDC
In multiple locations, there is a possible way to access content across user profiles due to URI... Moderate Unreviewed
CVE-2025-0083 was published Aug 27, 2025
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when... Moderate Unreviewed
CVE-2025-6429 was published Jun 26, 2025
IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due... Moderate Unreviewed
CVE-2025-25029 was published May 28, 2025
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection... Moderate Unreviewed
CVE-2025-5271 was published May 27, 2025
Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows,... Moderate Unreviewed
CVE-2025-3942 was published May 22, 2025
Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN... Moderate Unreviewed
CVE-2021-25262 was published May 21, 2025
Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker... Moderate Unreviewed
CVE-2025-4084 was published Apr 29, 2025
Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding... Moderate Unreviewed
CVE-2025-23377 was published Apr 28, 2025
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki -... Moderate Unreviewed
CVE-2025-32078 was published Apr 11, 2025
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core ... Moderate Unreviewed
CVE-2025-32072 was published Apr 11, 2025
An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon ... Moderate Unreviewed
CVE-2025-30657 was published Apr 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database