GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
461 advisories
Flowise Stored XSS vulnerability through logs in chatbot
Moderate
CVE-2025-29192
was published
for
flowise
(npm)
Oct 3, 2025
validator.js has a URL validation bypass vulnerability in its isURL function
Moderate
CVE-2025-56200
was published
for
validator
(npm)
Sep 30, 2025
Mailgen: HTML injection vulnerability in plaintext e-mails
Moderate
CVE-2025-59526
was published
for
mailgen
(npm)
Sep 22, 2025
Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages
Moderate
CVE-2025-59417
was published
for
@lobehub/chat
(npm)
Sep 18, 2025
Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter
Moderate
CVE-2025-58177
was published
for
n8n
(npm)
Sep 15, 2025
jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin
Moderate
CVE-2025-9910
was published
for
jsondiffpatch
(npm)
Sep 11, 2025
Decap CMS Cross Site Scripting (XSS) vulnerability
Moderate
CVE-2025-57520
was published
for
decap-cms
(npm)
Sep 10, 2025
Mermaid improperly sanitizes sequence diagram labels leading to XSS
Moderate
CVE-2025-54881
was published
for
mermaid
(npm)
Aug 19, 2025
Mermaid does not properly sanitize architecture diagram iconText leading to XSS
Moderate
CVE-2025-54880
was published
for
mermaid
(npm)
Aug 19, 2025
Astro allows unauthorized third-party images in _image endpoint
Moderate
CVE-2025-55303
was published
for
@astrojs/node
(npm)
Aug 19, 2025
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js
Moderate
CVE-2025-9095
was published
for
express-gateway
(npm)
Aug 18, 2025
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js
Moderate
CVE-2025-9096
was published
for
express-gateway
(npm)
Aug 18, 2025
vue-i18n's escapeParameterHtml does not prevent DOM-based XSS through its tag attributes
Moderate
CVE-2025-53892
was published
for
@intlify/core
(npm)
Jul 16, 2025
@pdfme/common vulnerable to to XSS and Prototype Pollution through its expression evaluation
Moderate
CVE-2025-53626
was published
for
@pdfme/common
(npm)
Jul 10, 2025
OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer
Moderate
CVE-2025-50183
was published
for
@openlist-frontend/openlist-frontend
(npm)
Jun 18, 2025
Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components
Moderate
CVE-2025-1647
was published
for
bootstrap
(npm)
May 15, 2025
n8n Vulnerable to Stored XSS through Attachments View Endpoint
Moderate
CVE-2025-46343
was published
for
n8n
(npm)
Apr 28, 2025
ProTip!
Advisories are also available from the
GraphQL API