GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
600 advisories
Cross-site Scripting (XSS) in serialize-javascript
Moderate
CVE-2024-11831
was published
for
serialize-javascript
(npm)
Feb 10, 2025
Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc
Critical
CVE-2025-24981
was published
for
@nuxtjs/mdc
(npm)
Feb 6, 2025
Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting)
Critical
GHSA-9x4v-xfq5-m8x5
was published
for
better-auth
(npm)
Feb 5, 2025
MathLive's Lack of Escaping of HTML allows for XSS
Moderate
CVE-2025-29049
was published
for
mathlive
(npm)
Jan 21, 2025
XSS/HTML Injection Vulnerability in Umbraco Backoffice Components
Moderate
CVE-2025-24012
was published
for
@umbraco-cms/backoffice
(npm)
Jan 21, 2025
Trix allows Cross-site Scripting via `javascript:` url in a link
Moderate
CVE-2025-21610
was published
for
trix
(npm)
Jan 3, 2025
Marp Core allows XSS by improper neutralization of HTML sanitization
Moderate
CVE-2024-56510
was published
for
@marp-team/marp-core
(npm)
Dec 26, 2024
vue-i18n has cross-site scripting vulnerability with prototype pollution
Moderate
CVE-2024-52809
was published
for
@intlify/core
(npm)
Dec 2, 2024
@sveltejs/kit vulnerable to XSS on dev mode 404 page
Low
CVE-2024-53261
was published
for
@sveltejs/kit
(npm)
Nov 25, 2024
@sveltejs/kit has unescaped error message included on error page
Low
CVE-2024-53262
was published
for
@sveltejs/kit
(npm)
Nov 25, 2024
Froala WYSIWYG editor allows cross-site scripting (XSS)
Moderate
CVE-2024-51434
was published
for
froala-editor
(Composer)
Nov 8, 2024
happy-dom allows for server side code to be executed by a <script> tag
Critical
CVE-2024-51757
was published
for
happy-dom
(npm)
Nov 6, 2024
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Moderate
CVE-2024-47819
was published
for
@umbraco-cms/backoffice
(npm)
Oct 22, 2024
DOM Clobbering Gadget found in astro's client-side router that leads to XSS
Moderate
CVE-2024-47885
was published
for
astro
(npm)
Oct 14, 2024
DOMpurify has a nesting-based mXSS
High
CVE-2024-47875
was published
for
dompurify
(npm)
Oct 11, 2024
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
Moderate
GHSA-pf56-h9qf-rxq4
was published
for
@saltcorn/server
(npm)
Oct 7, 2024
Slim Select has potential Cross-site Scripting issue
Moderate
CVE-2024-9440
was published
for
slim-select
(npm)
Oct 2, 2024
ProTip!
Advisories are also available from the
GraphQL API