GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,778
Maven: 5,000+
npm: 4,379
NuGet: 770
pip: 4,150
Pub: 12
RubyGems: 963
Rust: 1,071
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
39,178 advisories
A vulnerability has been found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded....
Moderate | Unreviewed | CVE-2025-15149 was published Dec 28, 2025
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. This affects the...
Moderate | Unreviewed | CVE-2025-15145 was published Dec 28, 2025
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This impacts the function...
Moderate | Unreviewed | CVE-2025-15146 was published Dec 28, 2025
A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the...
Moderate | Unreviewed | CVE-2025-15144 was published Dec 28, 2025
A security flaw has been discovered in yourmaileyes MOOC up to 1.17. This affects the function...
Moderate | Unreviewed | CVE-2025-15134 was published Dec 28, 2025
n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox
High | CVE-2025-61914 was published for n8n (npm) Dec 26, 2025
A cross-site scripting (XSS) vulnerability was identified in FluentCMS 1.2.3. After logging in as...
Moderate | Unreviewed | CVE-2025-67349 was published Dec 26, 2025
Gitea vulnerable to Cross-site Scripting
Moderate | CVE-2025-68946 was published for code.gitea.io/gitea (Go) Dec 26, 2025
Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text
Moderate | CVE-2025-68942 was published for code.gitea.io/gitea (Go) Dec 26, 2025
A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414...
Moderate | Unreviewed | CVE-2025-15094 was published Dec 26, 2025
A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an...
Moderate | Unreviewed | CVE-2025-15095 was published Dec 26, 2025
A security flaw has been discovered in sunkaifei FlyCMS up to...
Moderate | Unreviewed | CVE-2025-15093 was published Dec 26, 2025
ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.
Moderate | Unreviewed | CVE-2025-68936 was published Dec 25, 2025
ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings...
Moderate | Unreviewed | CVE-2025-68935 was published Dec 25, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High | Unreviewed | CVE-2025-2406 was published Dec 25, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High | Unreviewed | CVE-2025-2307 was published Dec 25, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High | Unreviewed | CVE-2025-2405 was published Dec 25, 2025
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbanner_w.cgi XSS via a crafted...
Moderate | Unreviewed | CVE-2025-68915 was published Dec 24, 2025
ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is...
Moderate | Unreviewed | CVE-2025-68917 was published Dec 24, 2025
Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow...
Moderate | Unreviewed | CVE-2019-25244 was published Dec 24, 2025
SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting...
Moderate | Unreviewed | CVE-2019-25234 was published Dec 24, 2025
AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting...
Moderate | Unreviewed | CVE-2019-25233 was published Dec 24, 2025
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a stored cross-site scripting...
Moderate | Unreviewed | CVE-2018-25131 was published Dec 24, 2025
MyNET up to v26.08 was discovered to contain a reflected cross-site scripting (XSS) vulnerability...
Moderate | Unreviewed | CVE-2024-35322 was published Dec 24, 2025
A reflected cross-site scripting (XSS) vulnerability in MyNET up to v26.08 allows attackers to...
Moderate | Unreviewed | CVE-2024-40317 was published Dec 24, 2025
ProTip! Advisories are also available from the GraphQL API.