Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,746
Erlang
35
GitHub Actions
29
Go
2,319
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
920
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

41 advisories

Loading
label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter. High
CVE-2025-47783 was published for label-studio (pip) May 15, 2025
Medok228
Open WebUI stored cross-site scripting (XSS) vulnerability High
CVE-2024-7990 was published for open-webui (pip) Mar 20, 2025
Open WebUI Vulnerable to a Session Fixation Attack High
CVE-2024-7053 was published for open-webui (pip) Mar 20, 2025
MobSF Stored Cross-Site Scripting (XSS) High
CVE-2025-24803 was published for mobsf (pip) Feb 5, 2025
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload High
CVE-2024-4216 was published for pgAdmin4 (pip) May 2, 2024
CKAN has an XSS vector in user uploaded images in group/org and user profiles High
CVE-2025-24372 was published for ckan (pip) Feb 5, 2025
m4dn355
pretix Stored Cross-site Scripting vulnerability High
CVE-2024-8113 was published for pretix (pip) Aug 23, 2024
p-w
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through High
CVE-2024-52595 was published for lxml-html-clean (pip) Nov 19, 2024
JorianWoltjer frenzymadness
XBlock vulnerable to Cross-Site Scripting (XSS) High
CVE-2022-46147 was published for xblock-drag-and-drop-v2 (pip) Dec 2, 2022
Cross-site Scripting potential in custom links, job buttons, and computed fields High
CVE-2023-48705 was published for nautobot (pip) Nov 22, 2023
Cross-site Scripting Vulnerability on Avatar Upload High
CVE-2023-47115 was published for label-studio (pip) Jan 24, 2024
alex-elttam
Cross Site Scripting vulnerability in wsgidav when directory browsing is enabled High
CVE-2022-41905 was published for wsgidav (pip) Nov 16, 2022
brunnjf
Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views High
CVE-2023-28836 was published for wagtail (pip) Apr 3, 2023
thibaudcolas
Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields High
CVE-2021-29434 was published for wagtail (pip) Apr 20, 2021
kevthehermit gasman
tdunlap607
Cross-Site Scripting in Wagtail High
CVE-2020-15118 was published for wagtail (pip) Jul 20, 2020
acarasimon96
Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admins context High
CVE-2023-45815 was published for archivebox (pip) Oct 19, 2023
Cross-site Scripting in OctoPrint High
CVE-2022-1430 was published for OctoPrint (pip) May 19, 2022
Cross-site Scripting in OctoPrint High
CVE-2022-1432 was published for OctoPrint (pip) May 19, 2022
Special Element Injection in notebook High
CVE-2021-32798 was published for notebook (pip) Aug 23, 2021
0xDeva
modoboa Cross-site Scripting vulnerability High
CVE-2023-5689 was published for modoboa (pip) Oct 20, 2023
Denial of service attack via incorrect parameters in Matrix Synapse High
CVE-2020-26257 was published for matrix-synapse (pip) Dec 9, 2020
Cross-site Scripting in django-helpdesk High
CVE-2021-3945 was published for django-helpdesk (pip) Nov 15, 2021
Cross-site Scripting in django-helpdesk High
CVE-2021-3950 was published for django-helpdesk (pip) Nov 23, 2021
django-helpdesk is vulnerable to Cross-site Scripting High
CVE-2021-3994 was published for django-helpdesk (pip) Dec 3, 2021
Duplicate Advisory: Reflected cross-site scripting issue in Datasette High
GHSA-gff3-739c-gxfq was published for datasette (pip) Jun 10, 2021 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database