Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,757
Erlang
35
GitHub Actions
29
Go
2,327
Maven
5,000+
npm
3,960
NuGet
712
pip
3,741
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

467 advisories

Loading
Hax CMS Stored Cross-Site Scripting vulnerability High
CVE-2025-49137 was published for elmsln/haxcms (Composer) Jun 9, 2025
lfgberg asareynolds
Jenkins Gatling Plugin Vulnerable to Cross-Site Scripting (XSS) High
CVE-2025-5806 was published for org.jenkins-ci.plugins:gatling (Maven) Jun 6, 2025
Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin High
CVE-2025-4123 was published for github.com/grafana/grafana (Go) May 22, 2025
label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter. High
CVE-2025-47783 was published for label-studio (pip) May 15, 2025
Medok228
Jenkins Health Advisor by CloudBees Plugin Vulnerable to Cross-Site Scripting High
CVE-2025-47885 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) May 14, 2025
Graylog Allows Session Takeover via Insufficient HTML Sanitization High
CVE-2025-46827 was published for org.graylog2:graylog2-server (Maven) May 7, 2025
fabsx00
Graylog Allows Stored Cross-Site Scripting via Files Plugin and API Browser High
GHSA-q9q2-3ppx-mwqf was published for org.graylog2:graylog2-server (Maven) May 7, 2025
fabsx00
YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting High
CVE-2025-46349 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
Open WebUI stored cross-site scripting (XSS) vulnerability High
CVE-2024-7990 was published for open-webui (pip) Mar 20, 2025
Open WebUI Vulnerable to a Session Fixation Attack High
CVE-2024-7053 was published for open-webui (pip) Mar 20, 2025
Jenkins AnchorChain Plugin Has a Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-30196 was published for org.jenkins-ci.plugins:anchorchain (Maven) Mar 19, 2025
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace High
CVE-2025-27108 was published for dom-expressions (npm) Feb 25, 2025
nsysean ryansolid
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS) High
CVE-2025-27109 was published for solid-js (npm) Feb 25, 2025
ryansolid nsysean
Moodle allows reflected XSS via question bank filter High
CVE-2025-26530 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle has a stored XSS risk in admin live log High
CVE-2025-26529 was published for moodle/moodle (Composer) Feb 24, 2025
Leantime allows Stored Cross-Site Scripting (XSS) High
GHSA-c39w-3pjx-qc7m was published for leantime/leantime (Composer) Feb 21, 2025
mnqazi
Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi) High
GHSA-v4q9-437p-mhpg was published for leantime/leantime (Composer) Feb 21, 2025
0xROI
S3-Proxy allows Reflected Cross-site Scripting (XSS) in template implementation High
CVE-2025-27088 was published for github.com/oxyno-zeta/s3-proxy/cmd/s3-proxy (Go) Feb 20, 2025
ddvleeuwen oxyno-zeta
Magento stored Cross-Site Scripting (XSS) vulnerability High
CVE-2025-24438 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24415 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24410 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24412 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24417 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24416 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24414 was published for magento/community-edition (Composer) Feb 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database