Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,031
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

461 advisories

Loading
validator.js has a URL validation bypass vulnerability in its isURL function Moderate
CVE-2025-56200 was published for validator (npm) Sep 30, 2025
G-Rath Moumouls
aleyipsoftwire
Credited to G-Rath, Moumouls, and aleyipsoftwire
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11023 was published for components/jquery (RubyGems) Apr 29, 2020
masatokinugawa klaudialax
Rudloff
Credited to masatokinugawa, klaudialax, and Rudloff
QGIS QWC2 Cross-Site Scripting vulnerability Moderate
CVE-2025-11183 was published for qwc2 (npm) Oct 13, 2025
Flowise Stored XSS vulnerability through logs in chatbot Moderate
CVE-2025-29192 was published for flowise (npm) Oct 3, 2025
LIFE-team2024
Credited to LIFE-team2024
Flowise vulnerable to XSS Moderate
GHSA-4fr9-3x69-36wv was published for flowise (npm) Oct 3, 2025
quitbug
Credited to quitbug
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6531 was published for bootstrap (RubyGems) Jul 11, 2024 withdrawn
alexeyNeklesa-idt metametadata
eoftedal
Credited to alexeyNeklesa-idt, metametadata, and eoftedal
Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function Moderate
CVE-2025-32379 was published for koa (npm) Apr 9, 2025
Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages Moderate
CVE-2025-59417 was published for @lobehub/chat (npm) Sep 18, 2025
jackfromeast Suuuuuzy
Credited to jackfromeast and Suuuuuzy
Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes Moderate
CVE-2024-6485 was published for bootstrap (npm) Jul 11, 2024
hdtmccallie
Credited to hdtmccallie
Mailgen: HTML injection vulnerability in plaintext e-mails Moderate
CVE-2025-59526 was published for mailgen (npm) Sep 22, 2025
edoardottt
Credited to edoardottt
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js Moderate
CVE-2025-9096 was published for express-gateway (npm) Aug 18, 2025
cai0duque
Credited to cai0duque
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js Moderate
CVE-2025-9095 was published for express-gateway (npm) Aug 18, 2025
cai0duque
Credited to cai0duque
Decap CMS Cross Site Scripting (XSS) vulnerability Moderate
CVE-2025-57520 was published for decap-cms (npm) Sep 10, 2025
cai0duque
Credited to cai0duque
jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin Moderate
CVE-2025-9910 was published for jsondiffpatch (npm) Sep 11, 2025
cai0duque
Credited to cai0duque
Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components Moderate
CVE-2025-1647 was published for bootstrap (npm) May 15, 2025
levpachmanov
Credited to levpachmanov
Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter Moderate
CVE-2025-58177 was published for n8n (npm) Sep 15, 2025
pfelilpe 5h0lm3s
Credited to pfelilpe and 5h0lm3s
sanitize-html is vulnerable to XSS through incomprehensive sanitization Moderate
CVE-2019-25225 was published for sanitize-html (npm) Sep 8, 2025
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6484 was published for bootstrap (RubyGems) Jul 11, 2024 withdrawn
metametadata
Credited to metametadata
KaTeX \htmlData does not validate attribute names Moderate
CVE-2025-23207 was published for katex (npm) Jan 17, 2025
nsysean edemaine
Credited to nsysean and edemaine
Mermaid improperly sanitizes sequence diagram labels leading to XSS Moderate
CVE-2025-54881 was published for mermaid (npm) Aug 19, 2025
fourcube sidharthv96
dav1tj aloisklink MermaidChart
Credited to fourcube, sidharthv96, dav1tj, aloisklink, and MermaidChart
NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page Moderate
CVE-2025-27506 was published for nocodb (npm) Mar 6, 2025
xL34K3D gabrielott
Credited to xL34K3D and gabrielott
Liferay Portal Reflected XSS in CKeditor 4.21.0 endpoint Moderate
CVE-2025-43761 was published for com.liferay:com.liferay.frontend.editor.ckeditor.web (Maven) Aug 22, 2025
NocoDB Allows Preview of Files with Dangerous Content Moderate
CVE-2023-50717 was published for nocodb (npm) May 13, 2024
pyozzi-toss
Credited to pyozzi-toss
Mermaid does not properly sanitize architecture diagram iconText leading to XSS Moderate
CVE-2025-54880 was published for mermaid (npm) Aug 19, 2025
fourcube sidharthv96
dav1tj aloisklink MermaidChart
Credited to fourcube, sidharthv96, dav1tj, aloisklink, and MermaidChart
Astro allows unauthorized third-party images in _image endpoint Moderate
CVE-2025-55303 was published for @astrojs/node (npm) Aug 19, 2025
HakuPiku GeneralZero
chriselbring-avalabs ematipico delucis Princesseuh
Credited to HakuPiku, GeneralZero, chriselbring-avalabs, ematipico, delucis, and Princesseuh
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database