GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
40,524 advisories
Copyparty vulnerable to reflected XSS via setck parameter
Moderate | CVE-2026-27948 was published for copyparty (pip) | Feb 26, 2026
Svelte: XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers
Moderate | CVE-2026-27902 was published for svelte (npm) | Feb 26, 2026
Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`
Moderate | CVE-2026-27901 was published for svelte (npm) | Feb 26, 2026
A reflected Cross-Site Scripting (XSS) vulnerability exists in the register.php backend script of...
Moderate | Unreviewed | CVE-2025-56605 was published | Feb 26, 2026
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', in ...
Moderate | Unreviewed | CVE-2026-2677 was published | Feb 26, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High | Unreviewed | CVE-2025-14343 was published | Feb 26, 2026
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name',...
Moderate | Unreviewed | CVE-2026-2678 was published | Feb 26, 2026
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter ...
Moderate | Unreviewed | CVE-2026-2680 was published | Feb 26, 2026
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerName',...
Moderate | Unreviewed | CVE-2026-2679 was published | Feb 26, 2026
Storybook Dev Server is Vulnerable to WebSocket Hijacking
High | CVE-2026-27148 was published for storybook (npm) | Feb 26, 2026
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3...
High | Unreviewed | CVE-2025-64999 was published | Feb 26, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2026-28083 was published | Feb 26, 2026
Some HTTP security headers are not properly set by the web server when sending responses to the...
Low | Unreviewed | CVE-2026-1696 was published | Feb 26, 2026
An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue...
Moderate | Unreviewed | CVE-2026-1695 was published | Feb 26, 2026
The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2026-2029 was published | Feb 26, 2026
The TP2WP Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2026-2489 was published | Feb 26, 2026
The Custom Logo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin...
Moderate | Unreviewed | CVE-2026-2499 was published | Feb 26, 2026
The WP Social Meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin...
Moderate | Unreviewed | CVE-2026-2498 was published | Feb 26, 2026
The EM Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in...
Moderate | Unreviewed | CVE-2026-2506 was published | Feb 26, 2026
Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover
Critical | CVE-2026-27822 was published for rustfs (Rust) | Feb 25, 2026
Vikunja: Stored XSS via Unsanitized SVG Attachment Upload Leads to Token Exposure
High | CVE-2026-27616 was published for code.vikunja.io/api (Go) | Feb 25, 2026
Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module
Moderate | CVE-2026-27116 was published for code.vikunja.io/api (Go) | Feb 25, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.2 before 18.7.5, 18...
High | Unreviewed | CVE-2026-0752 was published | Feb 25, 2026
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor...
High | Unreviewed | CVE-2026-22720 was published | Feb 25, 2026
Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute
Moderate | CVE-2026-25736 was published for rucio-webui (pip) | Feb 25, 2026
ProTip! Advisories are also available from the GraphQL API.