Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,016
Maven
5,000+
npm
4,737
NuGet
814
pip
4,347
Pub
12
RubyGems
987
Rust
1,140
Swift
50
Unreviewed advisories
All unreviewed
5,000+

300 advisories

Loading
Isso affected by Stored XSS via comment website field Moderate
CVE-2026-27469 was published for isso (pip) Feb 24, 2026
ByamB4 jelmer
Credited to ByamB4 and jelmer
LibreNMS has a Stored XSS in Custom OID - unit parameter missing strip_tags() Moderate
CVE-2026-27016 was published for librenms/librenms (Composer) Feb 18, 2026
decsecre583
Credited to decsecre583
Fabric.js Affected by Stored XSS via SVG Export High
CVE-2026-27013 was published for fabric (npm) Feb 18, 2026
nedlir
Credited to nedlir
jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property) High
CVE-2026-25940 was published for jspdf (npm) Feb 19, 2026
Macabely
Credited to Macabely
jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method High
CVE-2026-25755 was published for jspdf (npm) Feb 19, 2026
ZeroXJacks
Credited to ZeroXJacks
Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy... Low Unreviewed
CVE-2026-22712 was published Jan 9, 2026
Tanium addressed an improper output sanitization vulnerability in Tanium Appliance. Moderate Unreviewed
CVE-2025-15312 was published Feb 5, 2026
HtmlSanitizer has a bypass via template tag Moderate
CVE-2026-25543 was published for HtmlSanitizer (NuGet) Feb 3, 2026
nsysean
Credited to nsysean
CSS-based exfiltration of the content from partially encrypted emails when allowing remote... Moderate Unreviewed
CVE-2026-0818 was published Jan 28, 2026
A vulnerability exists in PX Enterprise whereby sensitive information may be logged under... High Unreviewed
CVE-2025-9127 was published Dec 4, 2025
jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution High
CVE-2026-24737 was published for jspdf (npm) Feb 2, 2026
ahmetartuc
Credited to ahmetartuc
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include... Low Unreviewed
CVE-2026-24439 was published Jan 26, 2026
Mattermost Server does not neutralize HTML content in an Email template field Moderate
CVE-2017-18892 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
michaelfrankdynatracecom asrar-mared
Credited to michaelfrankdynatracecom and asrar-mared
Emails sent by pretix can utilize placeholders that will be filled with customer data. For... Low Unreviewed
CVE-2025-13742 was published Nov 27, 2025
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure... High Unreviewed
CVE-2025-68460 was published Dec 18, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18... Low Unreviewed
CVE-2025-12734 was published Dec 11, 2025
GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18... High Unreviewed
CVE-2025-8405 was published Dec 11, 2025
SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send... Moderate Unreviewed
CVE-2025-42896 was published Dec 9, 2025
Open WebUI Vulnerable to Stored DOM XSS via Note 'Download PDF' High
CVE-2025-65959 was published for open-webui (npm) Dec 4, 2025
pyozzi-toss L2VE
Credited to pyozzi-toss and L2VE
A vulnerability exists where the caret ("^") character is improperly escaped constructing some... Moderate Unreviewed
CVE-2019-11717 was published May 24, 2022
A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with... Critical Unreviewed
CVE-2025-40547 was published Nov 18, 2025
A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. This... High Unreviewed
CVE-2025-11085 was published Nov 11, 2025
Ansible-core information disclosure flaw Moderate
CVE-2024-0690 was published for ansible-core (pip) Feb 6, 2024
The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft... Low Unreviewed
CVE-2024-42332 was published Nov 27, 2024
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an... Critical Unreviewed
CVE-2024-38475 was published Jul 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database