GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
9 advisories
Miniflux Media Proxy vulnerable to Stored Cross-site Scripting due to improper Content-Security-Policy configuration
Moderate
CVE-2025-31483
was published
for
miniflux.app/v2
(Go)
Apr 4, 2025
Marp Core allows XSS by improper neutralization of HTML sanitization
Moderate
CVE-2024-56510
was published
for
@marp-team/marp-core
(npm)
Dec 26, 2024
`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace
Moderate
CVE-2024-53859
was published
for
github.com/cli/go-gh
(Go)
Nov 27, 2024
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts
Moderate
CVE-2024-53858
was published
for
github.com/cli/cli/v2
(Go)
Nov 27, 2024
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
Moderate
CVE-2024-34064
was published
for
Jinja2
(pip)
May 6, 2024
RSSHub Cross-site Scripting vulnerability caused by internal media proxy
Moderate
CVE-2024-27926
was published
for
rsshub
(npm)
Mar 6, 2024
rsshub vulnerable to Cross-site Scripting via unvalidated URL parameters
Moderate
CVE-2023-26491
was published
for
rsshub
(npm)
Mar 1, 2023
Fastify: Incorrect Content-Type parsing can lead to CSRF attack
Moderate
CVE-2022-41919
was published
for
fastify
(npm)
Nov 21, 2022
URL Redirection to Untrusted Site ('Open Redirect') in next-auth
Moderate
CVE-2022-29214
was published
for
next-auth
(npm)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API