Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,630
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,850
Pub
13
RubyGems
1,045
Rust
1,301
Swift
53
Unreviewed advisories
All unreviewed
5,000+

42,031 advisories

Loading
A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by... Low Unreviewed
CVE-2026-7596 was published May 1, 2026
Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90.... Moderate Unreviewed
CVE-2025-69606 was published May 1, 2026
Cross-Site Scripting (XSS) in V2Board thru 1.7.4. The custom_html field in theme configuration is... Moderate Unreviewed
CVE-2026-37503 was published May 1, 2026
@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a ... Moderate Unreviewed
CVE-2026-40201 was published May 1, 2026
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2026-6127 was published May 1, 2026
Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-13362 was published May 1, 2026
A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function... Low Unreviewed
CVE-2026-7501 was published Apr 30, 2026
SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing... Low Unreviewed
CVE-2026-7429 was published Apr 30, 2026
A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint... Moderate Unreviewed
CVE-2026-36763 was published Apr 30, 2026
Multiple authenticated cross-site scripting (XSS) vulnerabilities in the... Moderate Unreviewed
CVE-2026-36766 was published Apr 30, 2026
A stored cross-site scripting (XSS) vulnerability in the /msg/msgInner/save endpoint of JeeSite... Moderate Unreviewed
CVE-2026-36761 was published Apr 30, 2026
Cross Site Scripting vulnerability in RafyMrX TOKO-ONLINE-ROTI v.1.0 allows a remote attacker to... Moderate Unreviewed
CVE-2026-38940 was published Apr 30, 2026
Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to... Moderate Unreviewed
CVE-2026-38939 was published Apr 30, 2026
Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS High
CVE-2026-40171 was published for @jupyter-notebook/help-extension (npm) Apr 30, 2026
dtrops Credited to dtrops, Carreau, Yann-P, krassowski, and jtpio Carreau Carreau
Yann-P Yann-P krassowski krassowski jtpio jtpio
LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application... Moderate Unreviewed
CVE-2026-1493 was published Apr 30, 2026
Admidio vulnerable to reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion Moderate
CVE-2026-41661 was published for admidio/admidio (Composer) Apr 29, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive... Low Unreviewed
CVE-2026-7401 was published Apr 29, 2026
MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows... Moderate Unreviewed
CVE-2018-25309 was published Apr 29, 2026
ipl/web is vulnerable to reflected XSS by malformed search requests High
CVE-2026-42224 was published for ipl/web (Composer) Apr 29, 2026
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The... Low Unreviewed
CVE-2026-7390 was published Apr 29, 2026
Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering... Moderate Unreviewed
CVE-2026-40230 was published Apr 29, 2026
A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute... Moderate Unreviewed
CVE-2025-56535 was published Apr 29, 2026
A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0... Moderate Unreviewed
CVE-2025-56537 was published Apr 29, 2026
A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10... Moderate Unreviewed
CVE-2025-56534 was published Apr 29, 2026
A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to... Moderate Unreviewed
CVE-2025-56536 was published Apr 29, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database