GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
461 advisories
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11023
was published
for
components/jquery
(RubyGems)
Apr 29, 2020
Flowise Stored XSS vulnerability through logs in chatbot
Moderate
CVE-2025-29192
was published
for
flowise
(npm)
Oct 3, 2025
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6531
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
•
withdrawn
Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages
Moderate
CVE-2025-59417
was published
for
@lobehub/chat
(npm)
Sep 18, 2025
Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes
Moderate
CVE-2024-6485
was published
for
bootstrap
(npm)
Jul 11, 2024
Mailgen: HTML injection vulnerability in plaintext e-mails
Moderate
CVE-2025-59526
was published
for
mailgen
(npm)
Sep 22, 2025
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js
Moderate
CVE-2025-9096
was published
for
express-gateway
(npm)
Aug 18, 2025
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js
Moderate
CVE-2025-9095
was published
for
express-gateway
(npm)
Aug 18, 2025
Decap CMS Cross Site Scripting (XSS) vulnerability
Moderate
CVE-2025-57520
was published
for
decap-cms
(npm)
Sep 10, 2025
jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin
Moderate
CVE-2025-9910
was published
for
jsondiffpatch
(npm)
Sep 11, 2025
Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components
Moderate
CVE-2025-1647
was published
for
bootstrap
(npm)
May 15, 2025
Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter
Moderate
CVE-2025-58177
was published
for
n8n
(npm)
Sep 15, 2025
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6484
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
•
withdrawn
KaTeX \htmlData does not validate attribute names
Moderate
CVE-2025-23207
was published
for
katex
(npm)
Jan 17, 2025
Mermaid improperly sanitizes sequence diagram labels leading to XSS
Moderate
CVE-2025-54881
was published
for
mermaid
(npm)
Aug 19, 2025
NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page
Moderate
CVE-2025-27506
was published
for
nocodb
(npm)
Mar 6, 2025
NocoDB Allows Preview of Files with Dangerous Content
Moderate
CVE-2023-50717
was published
for
nocodb
(npm)
May 13, 2024
Mermaid does not properly sanitize architecture diagram iconText leading to XSS
Moderate
CVE-2025-54880
was published
for
mermaid
(npm)
Aug 19, 2025
Astro allows unauthorized third-party images in _image endpoint
Moderate
CVE-2025-55303
was published
for
@astrojs/node
(npm)
Aug 19, 2025
ProTip!
Advisories are also available from the
GraphQL API