GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
393 advisories
NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
Moderate
CVE-2025-66470
was published
for
nicegui
(pip)
Dec 8, 2025
NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
Moderate
CVE-2025-66469
was published
for
nicegui
(pip)
Dec 8, 2025
Spotipy has a XSS vulnerability in its OAuth callback server
Low
CVE-2025-66040
was published
for
spotipy
(pip)
Dec 1, 2025
changedetection.io: Stored XSS in Watch update via API
Low
CVE-2025-62780
was published
for
changedetection.io
(pip)
Nov 12, 2025
Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE
High
CVE-2025-64495
was published
for
open-webui
(npm)
Nov 7, 2025
OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
Moderate
CVE-2025-64187
was published
for
octoprint
(pip)
Nov 4, 2025
FastMCP vulnerable to reflected XSS in client's callback page
Moderate
CVE-2025-62800
was published
for
fastmcp
(pip)
Oct 29, 2025
CKAN vulnerable to stored XSS in resource description
Moderate
CVE-2025-54384
was published
for
ckan
(pip)
Oct 29, 2025
Taguette vulnerable to cross-site scripting via tag name, tag description, document name and document description
Moderate
CVE-2025-62528
was published
for
taguette
(pip)
Oct 20, 2025
Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name
High
CVE-2025-62172
was published
for
homeassistant
(pip)
Oct 14, 2025
pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters
High
CVE-2025-61773
was published
for
pyload-ng
(pip)
Oct 9, 2025
Indico vulnerable to Cross-Site Scripting via LaTeX math code
Moderate
CVE-2025-59035
was published
for
indico
(pip)
Sep 10, 2025
copyparty Reflected XSS via Filter Parameter
Moderate
CVE-2025-54589
was published
for
copyparty
(pip)
Jul 31, 2025
copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata
Moderate
CVE-2025-54423
was published
for
copyparty
(pip)
Jul 28, 2025
Cadwyn vulnerable to XSS on the docs page
High
CVE-2025-53528
was published
for
cadwyn
(pip)
Jul 21, 2025
pyLoad vulnerable to XSS through insecure CAPTCHA
Critical
CVE-2025-53890
was published
for
pyload-ng
(pip)
Jul 15, 2025
ChangeDetection.io XSS in watch overview
High
CVE-2025-52558
was published
for
changedetection.io
(pip)
Jun 23, 2025
ProTip!
Advisories are also available from the
GraphQL API