Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,031
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

314 advisories

Loading
CKAN vulnerable to stored XSS in resource description Moderate
CVE-2025-54384 was published for ckan (pip) Oct 29, 2025
asifnawazminhas
Credited to asifnawazminhas
FastMCP vulnerable to reflected XSS in client's callback page Moderate
CVE-2025-62800 was published for fastmcp (pip) Oct 29, 2025
an7y
Credited to an7y
Taguette vulnerable to cross-site scripting via tag name, tag description, document name and document description Moderate
CVE-2025-62528 was published for taguette (pip) Oct 20, 2025
emilvirkki
Credited to emilvirkki
NiceGUI has a Reflected XSS Moderate
CVE-2025-53354 was published for nicegui (pip) Oct 3, 2025
oxqnd
Credited to oxqnd
django CMS Cross-Site Scripting (XSS) Moderate
CVE-2024-11319 was published for django-cms (pip) Nov 18, 2024
Indico vulnerable to Cross-Site Scripting via LaTeX math code Moderate
CVE-2025-59035 was published for indico (pip) Sep 10, 2025
ThiefMaster
Credited to ThiefMaster
copyparty vulnerable to reflected cross-site scripting via k304 parameter Moderate
CVE-2023-38501 was published for copyparty (pip) Jul 25, 2023
TheHackyDog
Credited to TheHackyDog
copyparty Reflected XSS via Filter Parameter Moderate
CVE-2025-54589 was published for copyparty (pip) Jul 31, 2025
Ju0x
Credited to Ju0x
copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata Moderate
CVE-2025-54423 was published for copyparty (pip) Jul 28, 2025
altperfect
Credited to altperfect
Mezzanine CMS vulnerable to Cross-site Scripting Moderate
CVE-2025-50481 was published for Mezzanine (pip) Jul 23, 2025
Aim vulnerable to Cross-site Scripting Moderate
CVE-2025-51464 was published for aim (pip) Jul 22, 2025
Mezzanine CMS has a Stored Cross-Site Scripting (XSS) vulnerability in the displayable_links_js function Moderate
CVE-2025-6050 was published for Mezzanine (pip) Jun 17, 2025
Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates Moderate
CVE-2025-53865 was published for roundup (pip) Jul 13, 2025
Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality Moderate
CVE-2024-53999 was published for mobsf (pip) Dec 3, 2024
lDomenx
Credited to lDomenx
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config Moderate
CVE-2024-26152 was published for label-studio (pip) Feb 22, 2024
isacaya
Credited to isacaya
Mezzanine CMS Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-29573 was published for Mezzanine (pip) May 5, 2025
Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload Moderate
CVE-2025-46335 was published for mobsf (pip) May 5, 2025
ssshah2131
Credited to ssshah2131
Web2py Reflected XSS vulnerability Moderate
CVE-2016-4807 was published for web2py (pip) May 17, 2022
OpenStack Dashboard (aka Horizon) vulnerable to Cross-site Scripting Moderate
CVE-2014-0157 was published for horizon (pip) May 14, 2022
Roundup Cross-site Scripting (XSS) vulnerability Moderate
CVE-2012-6130 was published for roundup (pip) May 17, 2022
Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS) Moderate
CVE-2024-27083 was published for Flask-AppBuilder (pip) Feb 28, 2024
chor4o dpgaspar
Credited to chor4o and dpgaspar
Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload Moderate
CVE-2024-7044 was published for open-webui (pip) Mar 20, 2025
AgentScope stored cross-site scripting (XSS) vulnerability Moderate
CVE-2024-8556 was published for agentscope (pip) Mar 20, 2025
Stored cross site scripting in changedetection.io Moderate
CVE-2023-24769 was published for changedetection.io (pip) Feb 18, 2023
edoardottt
Credited to edoardottt
Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint Moderate
CVE-2025-25296 was published for label-studio (pip) Feb 14, 2025
xbow-security
Credited to xbow-security
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database