GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,963
Erlang: 39
GitHub Actions: 38
Go: 2,614
Maven: 5,000+
npm: 4,254
NuGet: 760
pip: 4,031
Pub: 12
RubyGems: 953
Rust: 1,049
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

3,105 advisories
                    
Drupal CivicTheme Design System allows Cross-Site Scripting (XSS)
Moderate
CVE-2025-12083 was published for drupal/civictheme (Composer) Oct 30, 2025
                    
Drupal Plausible tracking is vulnerable to XSS
Moderate
CVE-2025-10927 was published for drupal/plausible_tracking (Composer) Oct 30, 2025
                    
Drupal JSON Field is vulnerable to XSS
Moderate
CVE-2025-10926 was published for drupal/json_field (Composer) Oct 30, 2025
                    
DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
Moderate
CVE-2025-64094 was published for DotNetNuke.Core (NuGet) Oct 29, 2025
                    
FastMCP vulnerable to reflected XSS in client's callback page
Moderate
CVE-2025-62800 was published for fastmcp (pip) Oct 29, 2025
                    
CKAN vulnerable to stored XSS in resource description
Moderate
CVE-2025-54384 was published for ckan (pip) Oct 29, 2025
                    
Sharp user-provided input can be evaluated in a SharpShowTextField with Vue template syntax
Moderate
CVE-2025-62798 was published for code16/sharp (Composer) Oct 29, 2025
                    
PrivateBin is missing HTML sanitization of attached filename in file size hint
Moderate
CVE-2025-62796 was published for privatebin/privatebin (Composer) Oct 28, 2025
                    
Liferay Portal Vulnerable to Cross-Site Scripting
Moderate
CVE-2025-62263 was published for com.liferay:com.liferay.account.admin.web (Maven) Oct 27, 2025
                    
MCMS reflected cross-site scripting (XSS) vulnerability
Moderate
CVE-2025-60837 was published for net.mingsoft:ms-mcms (Maven) Oct 23, 2025
                    
Piranha CMS vulnerable to stored cross-site scripting (XSS)
Moderate
CVE-2025-61413 was published for Piranha (NuGet) Oct 23, 2025
                    
Liferay Portal and Liferay DXP vulnerable to reflected cross-site scripting (XSS)
Moderate
CVE-2025-62248 was published for com.liferay:com.liferay.dynamic.data.mapping.web (Maven) Oct 22, 2025
                    
code16 Sharp vulnerable to Cross Site Scripting (XSS)
Moderate
CVE-2025-61457 was published for code16/sharp (Composer) Oct 21, 2025
                    
Liferay Portal reflected cross-site scripting (XSS) vulnerability in the google_gaget
Moderate
CVE-2025-62249 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 21, 2025
                    
Taguette vulnerable to cross-site scripting via tag name, tag description, document name and document description
Moderate
CVE-2025-62528 was published for taguette (pip) Oct 20, 2025
                    
Citizen vulnerable to stored XSS in sticky header button messages
Moderate
CVE-2025-62508 was published for starcitizentools/citizen-skin (Composer) Oct 20, 2025
                    
Cargo Mediawiki Extension vulnerable to Cross-site Scripting
Moderate
CVE-2025-62671 was published for mediawiki/cargo (Composer) Oct 18, 2025
                    
ibexa/fieldtype-richtext has an XSS vulnerability via acronym custom tag in Rich Text
Moderate
GHSA-8c2g-f8jm-5cr7 was published for ibexa/fieldtype-richtext (Composer) Oct 17, 2025
                    
ibexa/admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal
Moderate
GHSA-2mx6-fq24-g2mh was published for ibexa/admin-ui (Composer) Oct 17, 2025
                    
ezsystems/ezplatform-admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal
Moderate
GHSA-99c7-c3mw-mxhv was published for ezsystems/ezplatform-admin-ui (Composer) Oct 17, 2025
                    
Keycloak error_description injection on error pages that can trigger phishing attacks
Moderate
CVE-2025-10044 was published for org.keycloak:keycloak-account-ui (Maven) Oct 17, 2025
                    
bagisto has Cross Site Scripting (XSS) in Create New Customer
Moderate
CVE-2025-62414 was published for bagisto/bagisto (Composer) Oct 16, 2025
                    
bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG)
Moderate
CVE-2025-62418 was published for bagisto/bagisto (Composer) Oct 16, 2025
                    
bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)
Moderate
CVE-2025-62415 was published for bagisto/bagisto (Composer) Oct 16, 2025
                    
LibreNMS has a Stored XSS vulnerability in its Alert Transport name field
Moderate
CVE-2025-62411 was published for librenms/librenms (Composer) Oct 16, 2025
        
ProTip! Advisories are also available from the GraphQL API