Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

174 advisories

Loading
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode Moderate
CVE-2025-64716 was published for github.com/TecharoHQ/anubis (Go) Oct 30, 2025
nijel mbiesiad
Credited to nijel and mbiesiad
listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover High
CVE-2025-58430 was published for github.com/knadh/listmonk (Go) Sep 9, 2025
r3verii
Credited to r3verii
Memos Vulnerable to Stored Cross-Site Scripting Moderate
CVE-2025-56761 was published for github.com/usememos/memos (Go) Sep 4, 2025
Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs Moderate
CVE-2025-50738 was published for github.com/usememos/memos (Go) Jul 29, 2025
Harbor repository description page has Cross-site Scripting vulnerability Moderate
CVE-2025-32019 was published for github.com/goharbor/harbor (Go) Jul 23, 2025
Grafana is vulnerable to XSS attacks through open redirects and path traversal High
CVE-2025-6023 was published for github.com/grafana/grafana (Go) Jul 18, 2025
filebrowser allows Stored Cross-Site Scripting through the Markdown preview function High
CVE-2025-52902 was published for github.com/filebrowser/filebrowser (Go) Jun 27, 2025
mtausig hacdias
Credited to mtausig and hacdias
Gogs XSS allowed by stored call in PDF renderer Moderate
CVE-2025-47943 was published for github.com/gogs/gogs (Go) Jun 26, 2025
edoardottt
Credited to edoardottt
Gokapi vulnerable to stored XSS via uploading file with malicious file name Moderate
CVE-2025-48494 was published for github.com/forceu/gokapi (Go) Jun 3, 2025
4rdr Forceu
Credited to 4rdr and Forceu
Gokapi has stored XSS vulnerability in friendly name for API keys Moderate
CVE-2025-48495 was published for github.com/forceu/gokapi (Go) Jun 3, 2025
Forceu
Credited to Forceu
Argo CD allows cross-site scripting on repositories page Critical
CVE-2025-47933 was published for github.com/argoproj/argo-cd (Go) May 28, 2025
Ry0taK crenshaw-dev
Credited to Ry0taK and crenshaw-dev
Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin High
CVE-2025-4123 was published for github.com/grafana/grafana (Go) May 22, 2025
LF Edge eKuiper Vulnerable to Stored XSS in Configuration Key Functionality Moderate
CVE-2024-52290 was published for github.com/lf-edge/ekuiper (Go) May 14, 2025
TheMostKnown
Credited to TheMostKnown
one-api Cross-site Scripting vulnerability Moderate
CVE-2025-3801 was published for github.com/songquanpeng/one-api (Go) Apr 19, 2025
golang.org/x/net vulnerable to Cross-site Scripting Moderate
CVE-2025-22872 was published for golang.org/x/net (Go) Apr 16, 2025
Miniflux Media Proxy vulnerable to Stored Cross-site Scripting due to improper Content-Security-Policy configuration Moderate
CVE-2025-31483 was published for miniflux.app/v2 (Go) Apr 4, 2025
Ry0taK takumi-san-ai
Credited to Ry0taK and takumi-san-ai
Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler Moderate
CVE-2023-27592 was published for miniflux.app/v2 (Go) Apr 2, 2025
fguillot 40826d
Credited to fguillot and 40826d
Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input Critical
CVE-2025-30223 was published for github.com/beego/beego (Go) Mar 31, 2025
thevilledev
Credited to thevilledev
Reflected XSS in go-httpbin due to unrestricted client control over Content-Type Low
GHSA-528q-4pgm-wvg2 was published for github.com/mccutchen/go-httpbin (Go) Mar 21, 2025
AyushXtha
Credited to AyushXtha
LocalAI Cross-Site Scripting (XSS) vulnerability in its search functionality Moderate
CVE-2024-9900 was published for github.com/mudler/LocalAI (Go) Mar 20, 2025
LF Edge eKuiper allows Stored XSS in Rules Functionality Moderate
CVE-2024-52812 was published for github.com/lf-edge/ekuiper (Go) Mar 10, 2025
TheMostKnown ngjaying
Credited to TheMostKnown and ngjaying
In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim Moderate
CVE-2025-27155 was published for github.com/matrix-org/pinecone (Go) Mar 4, 2025
Treanglex
Credited to Treanglex
S3-Proxy allows Reflected Cross-site Scripting (XSS) in template implementation High
CVE-2025-27088 was published for github.com/oxyno-zeta/s3-proxy/cmd/s3-proxy (Go) Feb 20, 2025
ddvleeuwen oxyno-zeta
Credited to ddvleeuwen and oxyno-zeta
Rancher UI has Stored Cross-site Scripting vulnerability High
CVE-2024-52281 was published for github.com/rancher/rancher (Go) Jan 14, 2025
Hugo does not escape some attributes in internal templates Moderate
CVE-2024-55601 was published for github.com/gohugoio/hugo (Go) Dec 9, 2024
jmooring
Credited to jmooring
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database