GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
303 advisories
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
Moderate | CVE-2024-26152 was published for label-studio (pip) | Feb 22, 2024

Mezzanine CMS Cross-Site Scripting (XSS) vulnerability
Moderate | CVE-2025-29573 was published for Mezzanine (pip) | May 5, 2025

Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload
Moderate | CVE-2025-46335 was published for mobsf (pip) | May 5, 2025

Web2py Reflected XSS vulnerability
Moderate | CVE-2016-4807 was published for web2py (pip) | May 17, 2022

OpenStack Dashboard (aka Horizon) vulnerable to Cross-site Scripting
Moderate | CVE-2014-0157 was published for horizon (pip) | May 14, 2022

Roundup Cross-site Scripting (XSS) vulnerability
Moderate | CVE-2012-6130 was published for roundup (pip) | May 17, 2022

Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
Moderate | CVE-2024-27083 was published for Flask-AppBuilder (pip) | Feb 28, 2024

Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload
Moderate | CVE-2024-7044 was published for open-webui (pip) | Mar 20, 2025

AgentScope stored cross-site scripting (XSS) vulnerability
Moderate | CVE-2024-8556 was published for agentscope (pip) | Mar 20, 2025

Stored cross site scripting in changedetection.io
Moderate | CVE-2023-24769 was published for changedetection.io (pip) | Feb 18, 2023

Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint
Moderate | CVE-2025-25296 was published for label-studio (pip) | Feb 14, 2025

Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
Moderate | CVE-2024-22195 was published for jinja2 (pip) | Jan 11, 2024

Apache Airflow has a stored cross-site scripting vulnerability
Moderate | CVE-2023-47265 was published for apache-airflow (pip) | Dec 21, 2023

Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
Moderate | CVE-2024-32077 was published for apache-airflow (pip) | May 14, 2024

Reflected Cross-Site Scripting (XSS) in zenml
Moderate | CVE-2024-5062 was published for zenml (pip) | Jun 30, 2024

XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
Moderate | CVE-2024-28237 was published for OctoPrint (pip) | Mar 18, 2024

Apache Airflow Cross-site Scripting Vulnerability
Moderate | CVE-2024-41937 was published for apache-airflow (pip) | Aug 21, 2024

Apache Airflow Potential Cross-site Scripting Vulnerability
Moderate | CVE-2024-39863 was published for apache-airflow (pip) | Jul 17, 2024

OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates
Moderate | CVE-2024-49377 was published for OctoPrint (pip) | Nov 5, 2024

Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
Moderate | CVE-2024-47872 was published for gradio (pip) | Oct 10, 2024

D-Tale allows Remote Code Execution through the Custom Filter Input
Moderate | CVE-2024-55890 was published for dtale (pip) | Dec 13, 2024

Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
Moderate | CVE-2024-53999 was published for mobsf (pip) | Dec 3, 2024

pyspider Cross-site Scripting vulnerability
Moderate | CVE-2024-39162 was published for pyspider (pip) | Nov 29, 2024

Mayan EDMS DMS XSS vulnerability
Moderate | CVE-2022-47419 was published for mayan-edms (pip) | Feb 8, 2023

OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability
Moderate | CVE-2015-3219 was published for horizon (pip) | May 17, 2022