Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,891
Erlang
37
GitHub Actions
38
Go
2,550
Maven
5,000+
npm
4,221
NuGet
745
pip
3,998
Pub
12
RubyGems
953
Rust
1,039
Swift
45
Unreviewed advisories
All unreviewed
5,000+

459 advisories

Loading
Flowise Stored XSS vulnerability through logs in chatbot Moderate
GHSA-7r4h-vmj9-wg42 was published for flowise (npm) Oct 3, 2025
LIFE-team2024
Credited to LIFE-team2024
Flowise vulnerable to XSS Moderate
GHSA-4fr9-3x69-36wv was published for flowise (npm) Oct 3, 2025
quitbug
Credited to quitbug
Mailgen: HTML injection vulnerability in plaintext e-mails Moderate
CVE-2025-59526 was published for mailgen (npm) Sep 22, 2025
edoardottt
Credited to edoardottt
Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages Moderate
CVE-2025-59417 was published for @lobehub/chat (npm) Sep 18, 2025
jackfromeast Suuuuuzy
Credited to jackfromeast and Suuuuuzy
Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter Moderate
CVE-2025-58177 was published for n8n (npm) Sep 15, 2025
pfelilpe 5h0lm3s
Credited to pfelilpe and 5h0lm3s
jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin Moderate
CVE-2025-9910 was published for jsondiffpatch (npm) Sep 11, 2025
cai0duque
Credited to cai0duque
Decap CMS Cross Site Scripting (XSS) vulnerability Moderate
CVE-2025-57520 was published for decap-cms (npm) Sep 10, 2025
cai0duque
Credited to cai0duque
sanitize-html is vulnerable to XSS through incomprehensive sanitization Moderate
CVE-2019-25225 was published for sanitize-html (npm) Sep 8, 2025
Liferay Portal Reflected XSS in CKeditor 4.21.0 endpoint Moderate
CVE-2025-43761 was published for com.liferay:com.liferay.frontend.editor.ckeditor.web (Maven) Aug 22, 2025
Mermaid improperly sanitizes sequence diagram labels leading to XSS Moderate
CVE-2025-54881 was published for mermaid (npm) Aug 19, 2025
fourcube sidharthv96
dav1tj aloisklink MermaidChart
Credited to fourcube, sidharthv96, dav1tj, aloisklink, and MermaidChart
Mermaid does not properly sanitize architecture diagram iconText leading to XSS Moderate
CVE-2025-54880 was published for mermaid (npm) Aug 19, 2025
fourcube sidharthv96
dav1tj aloisklink MermaidChart
Credited to fourcube, sidharthv96, dav1tj, aloisklink, and MermaidChart
Astro allows unauthorized third-party images in _image endpoint Moderate
CVE-2025-55303 was published for @astrojs/node (npm) Aug 19, 2025
HakuPiku GeneralZero
chriselbring-avalabs ematipico delucis Princesseuh
Credited to HakuPiku, GeneralZero, chriselbring-avalabs, ematipico, delucis, and Princesseuh
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js Moderate
CVE-2025-9095 was published for express-gateway (npm) Aug 18, 2025
cai0duque
Credited to cai0duque
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js Moderate
CVE-2025-9096 was published for express-gateway (npm) Aug 18, 2025
cai0duque
Credited to cai0duque
vue-i18n's escapeParameterHtml does not prevent DOM-based XSS through its tag attributes Moderate
CVE-2025-53892 was published for @intlify/core (npm) Jul 16, 2025
luoingly
Credited to luoingly
@pdfme/common vulnerable to to XSS and Prototype Pollution through its expression evaluation Moderate
CVE-2025-53626 was published for @pdfme/common (npm) Jul 10, 2025
arkark
Credited to arkark
OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer Moderate
CVE-2025-50183 was published for @openlist-frontend/openlist-frontend (npm) Jun 18, 2025
zyk2507 cxw620
jyxjjj
Credited to zyk2507, cxw620, and jyxjjj
Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components Moderate
CVE-2025-1647 was published for bootstrap (npm) May 15, 2025
levpachmanov
Credited to levpachmanov
Bootstrap Multiselect Vulnerable to CSRF and Reflective XSS via Arbitrary POST Data Moderate
CVE-2025-47204 was published for bootstrap-multiselect (npm) May 13, 2025
@lumieducation/h5p-server Fails to Sanitize Plain Text Strings Moderate
CVE-2025-47828 was published for @lumieducation/h5p-server (npm) May 11, 2025
n8n Vulnerable to Stored XSS through Attachments View Endpoint Moderate
CVE-2025-46343 was published for n8n (npm) Apr 28, 2025
Mahmoud0x00
Credited to Mahmoud0x00
QMarkdown Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-43954 was published for @quasar/quasar-ui-qmarkdown (npm) Apr 20, 2025
jquery-validation vulnerable to Cross-site Scripting Moderate
CVE-2025-3573 was published for jquery-validation (npm) Apr 15, 2025
@sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params Moderate
CVE-2025-32388 was published for @sveltejs/kit (npm) Apr 14, 2025
kkarikos Rich-Harris
dominikg dummdidumm
Credited to kkarikos, Rich-Harris, dominikg, and dummdidumm
Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function Moderate
CVE-2025-32379 was published for koa (npm) Apr 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database