GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
648 advisories
Astro Cloudflare adapter has Stored Cross Site Scripting vulnerability in /_image endpoint
Moderate
CVE-2025-65019
was published
for
astro
(npm)
Nov 19, 2025
Astro vulnerable to reflected XSS via the server islands feature
High
CVE-2025-64764
was published
for
astro
(npm)
Nov 19, 2025
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via welcome message
Moderate
CVE-2025-64758
was published
for
@dependencytrack/frontend
(npm)
Nov 17, 2025
Directus is Vulnerable to Stored Cross-site Scripting
Moderate
CVE-2025-64747
was published
for
directus
(npm)
Nov 14, 2025
Astro development server error page vulnerable to reflected Cross-site Scripting
Low
CVE-2025-64745
was published
for
astro
(npm)
Nov 13, 2025
Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable
High
CVE-2025-59840
was published
for
vega
(npm)
Nov 13, 2025
Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE
High
CVE-2025-64495
was published
for
open-webui
(npm)
Nov 7, 2025
Astro's bypass of image proxy domain validation leads to SSRF and potential XSS
High
CVE-2025-59837
was published
for
astro
(npm)
Oct 28, 2025
Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
Low
CVE-2025-62380
was published
for
mailgen
(npm)
Oct 15, 2025
Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
Low
CVE-2025-62366
was published
for
mailgen
(npm)
Oct 14, 2025
Flowise Stored XSS vulnerability through logs in chatbot
Moderate
CVE-2025-29192
was published
for
flowise
(npm)
Oct 3, 2025
Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel
Critical
CVE-2025-50538
was published
for
flowise
(npm)
Oct 3, 2025
validator.js has a URL validation bypass vulnerability in its isURL function
Moderate
CVE-2025-56200
was published
for
validator
(npm)
Sep 30, 2025
Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink
High
CVE-2025-59430
was published
for
@meshconnect/web-link-sdk
(npm)
Sep 22, 2025
Mailgen: HTML injection vulnerability in plaintext e-mails
Moderate
CVE-2025-59526
was published
for
mailgen
(npm)
Sep 22, 2025
Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages
Moderate
CVE-2025-59417
was published
for
@lobehub/chat
(npm)
Sep 18, 2025
Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter
Moderate
CVE-2025-58177
was published
for
n8n
(npm)
Sep 15, 2025
jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin
Moderate
CVE-2025-9910
was published
for
jsondiffpatch
(npm)
Sep 11, 2025
ProTip!
Advisories are also available from the
GraphQL API