GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,831 advisories

OctoberCMS Cross-Site Scripting Moderate
CVE-2017-15284 was published for october/rain (Composer) May 13, 2022
Laravel Starter Cross Site Scripting (XSS) Moderate
CVE-2025-26159 was published for nasirkhan/laravel-starter (Composer) Apr 22, 2025
MODX Revolution XSS via HTTP Host header Moderate
CVE-2017-9071 was published for modx/revolution (Composer) May 17, 2022
MODX Revolution cross-site scripting vulnerability Moderate
CVE-2017-9070 was published for modx/revolution (Composer) May 17, 2022
MODX Revolution Reflected XSS Moderate
CVE-2017-9068 was published for modx/revolution (Composer) May 17, 2022
TeamPass vulnerable to Cross-site Scripting Moderate
CVE-2015-7562 was published for nilsteampassnet/teampass (Composer) May 17, 2022
io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API Moderate
CVE-2025-32951 was published for io.jmix.rest:jmix-rest (Maven) Apr 22, 2025
XSS in the /download Endpoint of the JPA Web API Moderate
CVE-2025-32961 was published for com.haulmont.addon.jpawebapi:jpawebapi-jpawebapi (Maven) Apr 22, 2025
XSS in the /files Endpoint of the Generic REST API Moderate
CVE-2025-32960 was published for com.haulmont.addon.restapi:restapi-rest-api (Maven) Apr 22, 2025
The Reporting Addon for CUBA Platform has Persistent XSS Moderate
CVE-2018-20663 was published for com.haulmont.cuba:cuba-web-toolkit (Maven) May 14, 2022
WSO2 Carbon vulnerable to Cross-site Scripting Moderate
CVE-2016-4316 was published for org.wso2.carbon.commons:org.wso2.carbon.messageflows.ui (Maven) May 14, 2022
Web2py Reflected XSS vulnerability Moderate
CVE-2016-4807 was published for web2py (pip) May 17, 2022
one-api Cross-site Scripting vulnerability Moderate
CVE-2025-3801 was published for github.com/songquanpeng/one-api (Go) Apr 19, 2025
Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability Moderate
CVE-2024-41447 was published for org.opencms:opencms-core (Maven) Apr 18, 2025
OpenCMS cross-site scripting (XSS) vulnerability Moderate
CVE-2024-41446 was published for org.opencms:opencms-core (Maven) Apr 21, 2025
QMarkdown Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-43954 was published for @quasar/quasar-ui-qmarkdown (npm) Apr 20, 2025
Cross Site Scripting vulnerability in Contribsys Sidekiq Moderate
CVE-2023-46950 was published for sidekiq-unique-jobs (RubyGems) Mar 1, 2024
Liferay Cross-site Scripting vulnerability Moderate
CVE-2025-3760 was published for com.liferay.portal:release.dxp.bom (Maven) Apr 17, 2025
PEAR HTTP_Request2 vulnerable to Cross-site Scripting Moderate
CVE-2025-43717 was published for pear/http_request2 (Composer) Apr 17, 2025
Cross site scripting in the system log Moderate
CVE-2021-35210 was published for contao/contao (Composer) Jul 1, 2021
Cross site scripting via input unit widget Moderate
CVE-2023-36806 was published for contao/core-bundle (Composer) Jul 25, 2023
golang.org/x/net vulnerable to Cross-site Scripting Moderate
CVE-2025-22872 was published for golang.org/x/net (Go) Apr 16, 2025
Cross-site Scripting in MobileDetect Moderate
CVE-2018-25080 was published for mobiledetect/mobiledetectlib (Composer) Feb 4, 2023
@sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params Moderate
CVE-2025-32388 was published for @sveltejs/kit (npm) Apr 14, 2025
Snipe-IT vulnerable to Cross Site Scripting for View Assigned Assets Moderate
CVE-2022-44380 was published for snipe/snipe-it (Composer) Dec 25, 2022