Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,691
Maven
5,000+
npm
4,320
NuGet
760
pip
4,097
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

467 advisories

Loading
Tryton sao allows XSS via an HTML attachment Moderate
CVE-2025-66420 was published for tryton-sao (npm) Nov 30, 2025
Tryton sao allows XSS because it does not escape completion values Moderate
CVE-2025-66421 was published for tryton-sao (npm) Nov 30, 2025
Cross-site Scripting (XSS) in serialize-javascript Moderate
CVE-2024-11831 was published for serialize-javascript (npm) Feb 10, 2025
mhassan1
Credited to mhassan1
Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint Moderate
CVE-2025-65019 was published for astro (npm) Nov 19, 2025
zomaxsec
Credited to zomaxsec
Astro allows unauthorized third-party images in _image endpoint Moderate
CVE-2025-55303 was published for @astrojs/node (npm) Aug 19, 2025
HakuPiku GeneralZero
chriselbring-avalabs ematipico delucis Princesseuh
Credited to HakuPiku, GeneralZero, chriselbring-avalabs, ematipico, delucis, and Princesseuh
DOM Clobbering Gadget found in astro's client-side router that leads to XSS Moderate
CVE-2024-47885 was published for astro (npm) Oct 14, 2024
jackfromeast ishmeals
Credited to jackfromeast and ishmeals
Angular vulnerable to Cross-site Scripting Moderate
CVE-2021-4231 was published for @angular/core (npm) May 27, 2022
TTracz2i
Credited to TTracz2i
Angular vulnerable to Cross-site Scripting Moderate
CVE-2020-7676 was published for angular (npm) Jun 18, 2020
tdunlap607
Credited to tdunlap607
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14041 was published for bootstrap (RubyGems) Sep 13, 2018
jenhae
Credited to jenhae
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via welcome message Moderate
CVE-2025-64758 was published for @dependencytrack/frontend (npm) Nov 17, 2025
jFriedli
Credited to jFriedli
Directus is Vulnerable to Stored Cross-site Scripting Moderate
CVE-2025-64747 was published for directus (npm) Nov 14, 2025
Cl0wnK1n9
Credited to Cl0wnK1n9
Nuxt DevTools vulnerable to cross-site scripting (XSS) Moderate
CVE-2025-52662 was published for @nuxt/devtools (npm) Nov 7, 2025
XSS in the `of` option of the `.position()` util in jquery-ui Moderate
CVE-2021-41184 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021
esbena A-Fitz-Nelnet
Credited to esbena and A-Fitz-Nelnet
ansi_up cross-site scripting vulnerability Moderate
CVE-2021-3377 was published for ansi_up (npm) Mar 11, 2021
Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes Moderate
CVE-2024-6485 was published for bootstrap (npm) Jul 11, 2024
hdtmccallie
Credited to hdtmccallie
validator.js has a URL validation bypass vulnerability in its isURL function Moderate
CVE-2025-56200 was published for validator (npm) Sep 30, 2025
G-Rath Moumouls
aleyipsoftwire
Credited to G-Rath, Moumouls, and aleyipsoftwire
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11023 was published for components/jquery (RubyGems) Apr 29, 2020
masatokinugawa klaudialax
Rudloff
Credited to masatokinugawa, klaudialax, and Rudloff
QGIS QWC2 Cross-Site Scripting vulnerability Moderate
CVE-2025-11183 was published for qwc2 (npm) Oct 13, 2025
Flowise Stored XSS vulnerability through logs in chatbot Moderate
CVE-2025-29192 was published for flowise (npm) Oct 3, 2025
LIFE-team2024
Credited to LIFE-team2024
Flowise vulnerable to XSS Moderate
GHSA-4fr9-3x69-36wv was published for flowise (npm) Oct 3, 2025
quitbug
Credited to quitbug
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6531 was published for bootstrap (RubyGems) Jul 11, 2024 withdrawn
alexeyNeklesa-idt metametadata
eoftedal
Credited to alexeyNeklesa-idt, metametadata, and eoftedal
Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function Moderate
CVE-2025-32379 was published for koa (npm) Apr 9, 2025
Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages Moderate
CVE-2025-59417 was published for @lobehub/chat (npm) Sep 18, 2025
jackfromeast Suuuuuzy
Credited to jackfromeast and Suuuuuzy
Mailgen: HTML injection vulnerability in plaintext e-mails Moderate
CVE-2025-59526 was published for mailgen (npm) Sep 22, 2025
edoardottt
Credited to edoardottt
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js Moderate
CVE-2025-9096 was published for express-gateway (npm) Aug 18, 2025
cai0duque
Credited to cai0duque
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database