GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,080 advisories
Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks
Moderate
GHSA-xmcw-mv9p-7pq2
was published
for
org.keycloak:keycloak-account-ui
(Maven)
Sep 5, 2025
•
withdrawn
bagisto has Cross Site Scripting (XSS) in Create New Customer
Moderate
CVE-2025-62414
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG)
Moderate
CVE-2025-62418
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)
Moderate
CVE-2025-62415
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
LibreNMS has a Stored XSS vulnerability in its Alert Transport name field
Moderate
CVE-2025-62411
was published
for
librenms/librenms
(Composer)
Oct 16, 2025
Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name
Moderate
CVE-2025-62172
was published
for
homeassistant
(pip)
Oct 14, 2025
LibreNMS is vulnerable to Reflected-XSS in `report_this` function
Moderate
CVE-2025-62365
was published
for
librenms/librenms
(Composer)
Oct 13, 2025
Flowise Stored XSS vulnerability through logs in chatbot
Moderate
CVE-2025-29192
was published
for
flowise
(npm)
Oct 3, 2025
Opencast's Paella Player 7 is vulnerable to Cross-Site Scripting
Moderate
CVE-2025-61788
was published
for
org.opencastproject:opencast-common
(Maven)
Oct 8, 2025
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6531
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API