Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

437 advisories

Loading
Bootstrap Multiselect Vulnerable to CSRF and Reflective XSS via Arbitrary POST Data Moderate
CVE-2025-47204 was published for bootstrap-multiselect (npm) May 13, 2025
@lumieducation/h5p-server Fails to Sanitize Plain Text Strings Moderate
CVE-2025-47828 was published for @lumieducation/h5p-server (npm) May 11, 2025
n8n Vulnerable to Stored XSS through Attachments View Endpoint Moderate
CVE-2025-46343 was published for n8n (npm) Apr 28, 2025
Mahmoud0x00
QMarkdown Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-43954 was published for @quasar/quasar-ui-qmarkdown (npm) Apr 20, 2025
jquery-validation vulnerable to Cross-site Scripting Moderate
CVE-2025-3573 was published for jquery-validation (npm) Apr 15, 2025
@sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params Moderate
CVE-2025-32388 was published for @sveltejs/kit (npm) Apr 14, 2025
kkarikos Rich-Harris
dominikg dummdidumm
Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function Moderate
CVE-2025-32379 was published for koa (npm) Apr 9, 2025
linhnph05
tarteaucitron.js allows url scheme injection via unfiltered inputs Moderate
CVE-2025-31476 was published for tarteaucitronjs (npm) Apr 7, 2025
Rudloff
Duplicate Advisory: MathLive's Lack of Escaping of HTML allows for XSS Moderate
GHSA-929m-phjg-qwcc was published for mathlive (npm) Apr 1, 2025 withdrawn
gifplayer XSS vulnerability Moderate
CVE-2025-31128 was published for gifplayer (npm) Mar 31, 2025
Rudloff
Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace] Moderate
CVE-2025-27793 was published for vega (npm) Mar 27, 2025
FallingPineapples hydrosquall
domoritz
Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpeter Moderate
CVE-2025-26619 was published for vega (npm) Mar 27, 2025
kprevas hydrosquall
domoritz mattijn lsh
GetmeUK ContentTools Cross-Site Scripting (XSS) Moderate
CVE-2025-2699 was published for ContentTools (npm) Mar 24, 2025
JS Html Sanitizer allows XSS when used with contentEditable Moderate
CVE-2025-29771 was published for @jitbit/htmlsanitizer (npm) Mar 14, 2025
NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page Moderate
CVE-2025-27506 was published for nocodb (npm) Mar 6, 2025
xL34K3D gabrielott
mavo DOM Clobbering vulnerability Moderate
CVE-2024-53388 was published for mavo (npm) Mar 3, 2025
Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package Moderate
CVE-2025-25299 was published for @ckeditor/ckeditor5-real-time-collaboration (npm) Feb 20, 2025
Vega allows Cross-site Scripting via the vlSelectionTuples function Moderate
CVE-2025-25304 was published for vega (npm) Feb 14, 2025
FallingPineapples domoritz
DOMPurify allows Cross-site Scripting (XSS) Moderate
CVE-2025-26791 was published for dompurify (npm) Feb 14, 2025
Cross-site Scripting (XSS) in serialize-javascript Moderate
CVE-2024-11831 was published for serialize-javascript (npm) Feb 10, 2025
mhassan1
NodeBB Cross-site scripting (XSS) vulnerability Moderate
CVE-2024-57041 was published for nodebb (npm) Jan 24, 2025
Cross Site Scripting vulnerability in store2 Moderate
CVE-2024-57556 was published for store2 (npm) Jan 24, 2025
MathLive's Lack of Escaping of HTML allows for XSS Moderate
CVE-2025-29049 was published for mathlive (npm) Jan 21, 2025
nsysean arnog
XSS/HTML Injection Vulnerability in Umbraco Backoffice Components Moderate
CVE-2025-24012 was published for @umbraco-cms/backoffice (npm) Jan 21, 2025
Nexusss-ppatil
Trix allows Cross-site Scripting via `javascript:` url in a link Moderate
CVE-2025-21610 was published for trix (npm) Jan 3, 2025
th4s1s intrip
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database