Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,031
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

29 advisories

Loading
Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails Low
CVE-2025-62380 was published for mailgen (npm) Oct 15, 2025
edoardottt
Credited to edoardottt
Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails Low
CVE-2025-62366 was published for mailgen (npm) Oct 14, 2025
edoardottt
Credited to edoardottt
Fiora chat user avatar is vulnerable to XSS via SVG files Low
CVE-2025-56514 was published for fiora (npm) Oct 1, 2025
Fiora chat group avatar is vulnerable to XSS via SVG files Low
CVE-2025-56515 was published for fiora (npm) Oct 1, 2025
CKEditor 5 cross-site scripting (XSS) vulnerability in the clipboard package Low
CVE-2025-58064 was published for @ckeditor/ckeditor5-clipboard (npm) Sep 3, 2025
Trix vulnerable to Cross-site Scripting on copy & paste Low
CVE-2025-46812 was published for trix (npm) May 8, 2025
React Draft Wysiwyg Cross-Site Scripting (XSS) via the Embedded Button Low
CVE-2025-3191 was published for react-draft-wysiwyg (npm) Apr 4, 2025
seajs Cross-site Scripting vulnerability Low
CVE-2024-51091 was published for seajs (npm) Mar 3, 2025
tsup DOM Clobbering vulnerability Low
CVE-2024-53384 was published for tsup (npm) Mar 3, 2025
tarteaucitron Cross-site Scripting (XSS) Low
CVE-2025-1467 was published for tarteaucitronjs (npm) Feb 23, 2025
@sveltejs/kit vulnerable to XSS on dev mode 404 page Low
CVE-2024-53261 was published for @sveltejs/kit (npm) Nov 25, 2024
benmccann teemingc
RDIL
Credited to benmccann, teemingc, and RDIL
@sveltejs/kit has unescaped error message included on error page Low
CVE-2024-53262 was published for @sveltejs/kit (npm) Nov 25, 2024
dominikg teemingc
benmccann
Credited to dominikg, teemingc, and benmccann
ReLaXed Cross-site Scripting vulnerability Low
CVE-2024-9283 was published for relaxedjs (npm) Sep 27, 2024
m3t3kh4n
Credited to m3t3kh4n
send vulnerable to template injection that can lead to XSS Low
CVE-2024-43799 was published for send (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
Credited to AdamKorcz, UlisesGascon, ctcpip, and wesleytodd
serve-static vulnerable to template injection that can lead to XSS Low
CVE-2024-43800 was published for serve-static (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
Credited to AdamKorcz, UlisesGascon, ctcpip, and wesleytodd
express vulnerable to XSS via response.redirect() Low
CVE-2024-43796 was published for express (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
Credited to AdamKorcz, UlisesGascon, ctcpip, and wesleytodd
vxe-table Cross-site Scripting vulnerability Low
CVE-2023-1001 was published for vxe-table (npm) May 24, 2024
eslint-detailed-reporter vulnerable to cross-site scripting Low
CVE-2022-4942 was published for eslint-detailed-reporter (npm) Apr 20, 2023
jquery.terminal self XSS on user input Low
CVE-2021-43862 was published for jquery.terminal (npm) Jan 6, 2022
Nahiiko
Credited to Nahiiko
Cross-site Scripting in bootstrap-table Low
CVE-2021-23472 was published for bootstrap-table (npm) Nov 8, 2021
XSS in Vega Low
CVE-2020-26296 was published for vega (npm) Dec 30, 2020
Cross-Site Scripting in express-cart Low
GHSA-9pr3-7449-977r was published for express-cart (npm) Sep 2, 2020
Reflected Cross-Site Scripting in redis-commander Low
GHSA-8c8c-4vfj-rrpc was published for redis-commander (npm) Sep 1, 2020
sseide
Credited to sseide
methodOverride Middleware Reflected Cross-Site Scripting in connect Low
CVE-2013-7370 was published for connect (npm) Aug 31, 2020
DOM-based XSS in auth0-lock Low
CVE-2020-15119 was published for auth0-lock (npm) Aug 19, 2020
mvisat
Credited to mvisat
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database