Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,781
Maven
5,000+
npm
4,386
NuGet
772
pip
4,164
Pub
12
RubyGems
965
Rust
1,073
Swift
45
Unreviewed advisories
All unreviewed
5,000+

39,308 advisories

Loading
A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the... Moderate Unreviewed
CVE-2025-15416 was published Jan 2, 2026
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows... Moderate Unreviewed
CVE-2025-67711 was published Jan 1, 2026
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows... Moderate Unreviewed
CVE-2025-67709 was published Jan 1, 2026
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows... Moderate Unreviewed
CVE-2025-67708 was published Jan 1, 2026
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows... Moderate Unreviewed
CVE-2025-67710 was published Jan 1, 2026
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows... Moderate Unreviewed
CVE-2025-67703 was published Jan 1, 2026
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows... Moderate Unreviewed
CVE-2025-67705 was published Jan 1, 2026
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows... Moderate Unreviewed
CVE-2025-67704 was published Jan 1, 2026
Trix has a stored XSS vulnerability through its attachment attribute Moderate
GHSA-g9jg-w8vm-g96v was published for action_text-trix (RubyGems) Dec 31, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-53235 was published Dec 31, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-50053 was published Dec 31, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-52739 was published Dec 31, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23667 was published Dec 31, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23707 was published Dec 31, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23757 was published Dec 31, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23719 was published Dec 31, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23705 was published Dec 31, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-47566 was published Dec 31, 2025
COMMAX Biometric Access Control System 1.0.0 contains an unauthenticated reflected cross-site... Moderate Unreviewed
CVE-2021-47743 was published Dec 31, 2025
STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter... Moderate Unreviewed
CVE-2021-47725 was published Dec 31, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23608 was published Dec 31, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-59135 was published Dec 31, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-62989 was published Dec 31, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-63021 was published Dec 31, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-49337 was published Dec 31, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database