GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
461 advisories
@sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params
Moderate • CVE-2025-32388 was published for @sveltejs/kit (npm) • Apr 14, 2025
Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function
Moderate • CVE-2025-32379 was published for koa (npm) • Apr 9, 2025
tarteaucitron.js allows url scheme injection via unfiltered inputs
Moderate • CVE-2025-31476 was published for tarteaucitronjs (npm) • Apr 7, 2025
Duplicate Advisory: MathLive's Lack of Escaping of HTML allows for XSS
Moderate • GHSA-929m-phjg-qwcc was published for mathlive (npm) • Apr 1, 2025 • withdrawn
Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]
Moderate • CVE-2025-27793 was published for vega (npm) • Mar 27, 2025
Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpreter
Moderate • CVE-2025-26619 was published for vega (npm) • Mar 27, 2025
GetmeUK ContentTools Cross-Site Scripting (XSS)
Moderate • CVE-2025-2699 was published for ContentTools (npm) • Mar 24, 2025
JS Html Sanitizer allows XSS when used with contentEditable
Moderate • CVE-2025-29771 was published for @jitbit/htmlsanitizer (npm) • Mar 14, 2025
NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page
Moderate • CVE-2025-27506 was published for nocodb (npm) • Mar 6, 2025
Stage.js DOM Clobbering vulnerability
Moderate • CVE-2024-53386 was published for stage-js (npm) • Mar 3, 2025
PrismJS DOM Clobbering vulnerability
Moderate • CVE-2024-53382 was published for prismjs (npm) • Mar 3, 2025
Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package
Moderate • CVE-2025-25299 was published for @ckeditor/ckeditor5-real-time-collaboration (npm) • Feb 20, 2025
Vega allows Cross-site Scripting via the vlSelectionTuples function
Moderate • CVE-2025-25304 was published for vega (npm) • Feb 14, 2025
DOMPurify allows Cross-site Scripting (XSS)
Moderate • CVE-2025-26791 was published for dompurify (npm) • Feb 14, 2025
Cross-site Scripting (XSS) in serialize-javascript
Moderate • CVE-2024-11831 was published for serialize-javascript (npm) • Feb 10, 2025
NodeBB Cross-site scripting (XSS) vulnerability
Moderate • CVE-2024-57041 was published for nodebb (npm) • Jan 24, 2025
Cross Site Scripting vulnerability in store2
Moderate • CVE-2024-57556 was published for store2 (npm) • Jan 24, 2025
MathLive's Lack of Escaping of HTML allows for XSS
Moderate • CVE-2025-29049 was published for mathlive (npm) • Jan 21, 2025
XSS/HTML Injection Vulnerability in Umbraco Backoffice Components
Moderate • CVE-2025-24012 was published for @umbraco-cms/backoffice (npm) • Jan 21, 2025
KaTeX \htmlData does not validate attribute names
Moderate • CVE-2025-23207 was published for katex (npm) • Jan 17, 2025
Trix allows Cross-site Scripting via `javascript:` url in a link
Moderate • CVE-2025-21610 was published for trix (npm) • Jan 3, 2025
Marp Core allows XSS by improper neutralization of HTML sanitization
Moderate • CVE-2024-56510 was published for @marp-team/marp-core (npm) • Dec 26, 2024
Trix editor subject to XSS vulnerabilities on copy & paste
Moderate • CVE-2024-53847 was published for trix (npm) • Dec 9, 2024
ProTip! Advisories are also available from the GraphQL API