GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,798
Maven: 5,000+
npm: 4,424
NuGet: 772
pip: 4,192
Pub: 12
RubyGems: 968
Rust: 1,083
Swift: 46
Unreviewed advisories
All unreviewed: 5,000+
39,457 advisories
The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
High | Unreviewed | CVE-2025-14436 was published Jan 9, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Low | Unreviewed | CVE-2026-22713 was published Jan 9, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Low | Unreviewed | CVE-2026-22710 was published Jan 9, 2026
A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is...
Moderate | Unreviewed | CVE-2026-0730 was published Jan 9, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Low | Unreviewed | CVE-2026-22714 was published Jan 9, 2026
Salvo is vulnerable to reflected XSS in the list_html function
High | CVE-2026-22256 was published for salvo (Rust) Jan 8, 2026
Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names
High | CVE-2026-22257 was published for salvo (Rust) Jan 8, 2026
React Router vulnerable to XSS via Open Redirects
High | CVE-2026-22029 was published for @remix-run/router (npm) Jan 8, 2026
React Router SSR XSS in ScrollRestoration
High | CVE-2026-21884 was published for @remix-run/react (npm) Jan 8, 2026
React Router has XSS Vulnerability
High | CVE-2025-59057 was published for @remix-run/react (npm) Jan 8, 2026
NiceGUI apps which use `ui.sub_pages` vulnerable to zero-click XSS
High | CVE-2026-21873 was published for nicegui (pip) Jan 8, 2026
NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links
Moderate | CVE-2026-21872 was published for nicegui (pip) Jan 8, 2026
NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace()
Moderate | CVE-2026-21871 was published for nicegui (pip) Jan 8, 2026
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the...
Moderate | Unreviewed | CVE-2026-22231 was published Jan 8, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2026-22518 was published Jan 8, 2026
Ideagen DevonWay contains a stored cross site scripting vulnerability. A remote, authenticated...
Moderate | Unreviewed | CVE-2026-22587 was published Jan 8, 2026
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the "A or SIC Number"...
Moderate | Unreviewed | CVE-2026-22232 was published Jan 8, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2026-22519 was published Jan 8, 2026
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the ...
Moderate | Unreviewed | CVE-2026-22233 was published Jan 8, 2026
Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg...
Moderate | Unreviewed | CVE-2025-61549 was published Jan 8, 2026
Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp...
Moderate | Unreviewed | CVE-2025-61550 was published Jan 8, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2026-0671 was published Jan 8, 2026
Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields ...
High | Unreviewed | CVE-2025-63611 was published Jan 8, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-68874 was published Jan 8, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-68875 was published Jan 8, 2026
ProTip! Advisories are also available from the GraphQL API.