Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,877
Maven
5,000+
npm
4,513
NuGet
784
pip
4,257
Pub
12
RubyGems
975
Rust
1,105
Swift
49
Unreviewed advisories
All unreviewed
5,000+

39,890 advisories

Loading
Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vulnerability allows an... Moderate Unreviewed
CVE-2026-1469 was published Jan 29, 2026
NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload High
CVE-2026-24769 was published for nocodb (npm) Jan 28, 2026
p-
Credited to p-
DotNetNuke.Core Vulnerable to Stored XSS via Module Title Critical
CVE-2026-24838 was published for DotNetNuke.Core (NuGet) Jan 28, 2026
bdukes
Credited to bdukes
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")... Unknown Unreviewed
CVE-2025-13983 was published Jan 28, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2026-0749 was published Jan 28, 2026
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")... Unknown Unreviewed
CVE-2025-13981 was published Jan 28, 2026
DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal High
CVE-2026-24837 was published for DotNetNuke.Core (NuGet) Jan 28, 2026
mojav3r bdukes
Credited to mojav3r and bdukes
DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes High
CVE-2026-24836 was published for DotNetNuke.Core (NuGet) Jan 28, 2026
mojav3r bdukes
Credited to mojav3r and bdukes
DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer Moderate
CVE-2026-24784 was published for DotNetNuke.Core (NuGet) Jan 28, 2026
bdukes
Credited to bdukes
Ghost vulnerable to XSS via malicious Portal preview links High
CVE-2026-24778 was published for @tryghost/portal (npm) Jan 28, 2026
Hono vulnerable to XSS through ErrorBoundary component Moderate
CVE-2026-24771 was published for hono (npm) Jan 28, 2026
kilkat
Credited to kilkat
A vulnerability was identified in rethinkdb up to 2.4.3. Affected by this issue is some unknown... Moderate Unreviewed
CVE-2026-1520 was published Jan 28, 2026
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu... Moderate Unreviewed
CVE-2020-36993 was published Jan 28, 2026
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities... Moderate Unreviewed
CVE-2020-36988 was published Jan 28, 2026
The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Stored... Moderate Unreviewed
CVE-2025-14865 was published Jan 28, 2026
The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting... Moderate Unreviewed
CVE-2026-1391 was published Jan 28, 2026
Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live... Moderate Unreviewed
CVE-2026-0483 was published Jan 28, 2026
The WP Google Ad Manager Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2026-1399 was published Jan 28, 2026
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent... Moderate Unreviewed
CVE-2025-59898 was published Jan 28, 2026
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent... Moderate Unreviewed
CVE-2025-59896 was published Jan 28, 2026
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent... Moderate Unreviewed
CVE-2025-59899 was published Jan 28, 2026
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent... Moderate Unreviewed
CVE-2025-59900 was published Jan 28, 2026
The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections &... Moderate Unreviewed
CVE-2025-14283 was published Jan 28, 2026
The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting... Moderate Unreviewed
CVE-2025-14063 was published Jan 28, 2026
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent... Moderate Unreviewed
CVE-2025-59897 was published Jan 28, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database