Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,844
Maven
5,000+
npm
4,470
NuGet
779
pip
4,231
Pub
12
RubyGems
974
Rust
1,093
Swift
48
Unreviewed advisories
All unreviewed
5,000+

39,672 advisories

Loading
SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon Low
CVE-2026-23847 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 21, 2026
jaroslaw-wawiorko
Credited to jaroslaw-wawiorko
Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability High
CVE-2026-22808 was published for github.com/fleetdm/fleet (Go) Jan 20, 2026
prateek-0490 iansltx
Credited to prateek-0490 and iansltx
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12... Moderate Unreviewed
CVE-2025-36066 was published Jan 20, 2026
IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows an... Moderate Unreviewed
CVE-2025-36408 was published Jan 20, 2026
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12... Moderate Unreviewed
CVE-2025-36113 was published Jan 20, 2026
IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an... Moderate Unreviewed
CVE-2025-36409 was published Jan 20, 2026
IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This... Moderate Unreviewed
CVE-2025-36396 was published Jan 20, 2026
Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting (XSS)... Moderate Unreviewed
CVE-2025-67263 was published Jan 20, 2026
The FlatPM – Ad Manager, AdSense and Custom Code plugin for WordPress is vulnerable to Stored... Moderate Unreviewed
CVE-2026-0690 was published Jan 20, 2026
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php... Moderate Unreviewed
CVE-2025-58087 was published Jan 20, 2026
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php... Moderate Unreviewed
CVE-2025-58089 was published Jan 20, 2026
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php... Moderate Unreviewed
CVE-2025-58093 was published Jan 20, 2026
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php... Moderate Unreviewed
CVE-2025-58090 was published Jan 20, 2026
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php... Moderate Unreviewed
CVE-2025-58094 was published Jan 20, 2026
The Head Meta Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2026-0608 was published Jan 20, 2026
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php... Moderate Unreviewed
CVE-2025-58088 was published Jan 20, 2026
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php... Moderate Unreviewed
CVE-2025-58092 was published Jan 20, 2026
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php... Moderate Unreviewed
CVE-2025-58091 was published Jan 20, 2026
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php... Moderate Unreviewed
CVE-2025-58095 was published Jan 20, 2026
A reflected cross-site scripting (xss) vulnerability exists in the modifyEmail functionality of... Moderate Unreviewed
CVE-2025-57881 was published Jan 20, 2026
A reflected cross-site scripting (xss) vulnerability exists in the modifyAnonymize functionality... Moderate Unreviewed
CVE-2025-55071 was published Jan 20, 2026
A reflected cross-site scripting (xss) vulnerability exists in the modifyCoercion functionality... Moderate Unreviewed
CVE-2025-54861 was published Jan 20, 2026
A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7App functionality of... Moderate Unreviewed
CVE-2025-58080 was published Jan 20, 2026
A reflected cross-site scripting (xss) vulnerability exists in the notifynewstudy functionality... Moderate Unreviewed
CVE-2025-57786 was published Jan 20, 2026
A reflected cross-site scripting (xss) vulnerability exists in the modifyRoute functionality of... Moderate Unreviewed
CVE-2025-57787 was published Jan 20, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database