Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

564 advisories

Loading
NodeBB Cross-site scripting (XSS) vulnerability Moderate
CVE-2024-57041 was published for nodebb (npm) Jan 24, 2025
Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc Critical
CVE-2025-24981 was published for @nuxtjs/mdc (npm) Feb 6, 2025
lirantal
Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting) Critical
GHSA-9x4v-xfq5-m8x5 was published for better-auth (npm) Feb 5, 2025
Eriner
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11023 was published for components/jquery (RubyGems) Apr 29, 2020
masatokinugawa klaudialax
Rudloff
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11022 was published for athlon1600/youtube-downloader (RubyGems) Apr 29, 2020
masatokinugawa Churro
Rudloff
Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6484 was published for bootstrap (RubyGems) Jul 11, 2024
metametadata
Cross Site Scripting vulnerability in store2 Moderate
CVE-2024-57556 was published for store2 (npm) Jan 24, 2025
@sveltejs/kit vulnerable to XSS on dev mode 404 page Low
CVE-2024-53261 was published for @sveltejs/kit (npm) Nov 25, 2024
benmccann eltigerchino
RDIL
MathLive's Lack of Escaping of HTML allows for XSS Moderate
GHSA-qwj6-q94f-8425 was published for mathlive (npm) Jan 21, 2025
nsysean arnog
XSS/HTML Injection Vulnerability in Umbraco Backoffice Components Moderate
CVE-2025-24012 was published for @umbraco-cms/backoffice (npm) Jan 21, 2025
Nexusss-ppatil
hexo-theme-anzhiyu Cross-site Scripting vulnerability Moderate
CVE-2024-25865 was published for hexo-theme-anzhiyu (npm) Mar 3, 2024
Trix allows Cross-site Scripting via `javascript:` url in a link Moderate
CVE-2025-21610 was published for trix (npm) Jan 3, 2025
th4s1s intrip
Marp Core allows XSS by improper neutralization of HTML sanitization Moderate
CVE-2024-56510 was published for @marp-team/marp-core (npm) Dec 26, 2024
Ry0taK
Trix editor subject to XSS vulnerabilities on copy & paste Moderate
CVE-2024-53847 was published for trix (npm) Dec 9, 2024
vue-i18n has cross-site scripting vulnerability with prototype pollution Moderate
CVE-2024-52809 was published for @intlify/core (npm) Dec 2, 2024
BobbieGoede
Nunjucks autoescape bypass leads to cross site scripting Moderate
CVE-2023-2142 was published for nunjucks (npm) Apr 20, 2023
blaiddx64
@dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling Moderate
CVE-2024-53843 was published for @dapperduckling/keycloak-connector-server (npm) Nov 26, 2024
@sveltejs/kit has unescaped error message included on error page Low
CVE-2024-53262 was published for @sveltejs/kit (npm) Nov 25, 2024
dominikg eltigerchino
benmccann
Cross-site scripting in bootstrap-select Moderate
CVE-2019-20921 was published for bootstrap-select (npm) May 7, 2021
Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes Moderate
CVE-2024-6485 was published for bootstrap (npm) Jul 11, 2024
hdtmccallie
Firebase JavaScript SDK allows attackers to manipulate the "_authTokenSyncURL" to point to their own server Moderate
CVE-2024-11023 was published for firebase (npm) Nov 18, 2024
express vulnerable to XSS via response.redirect() Low
CVE-2024-43796 was published for express (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
send vulnerable to template injection that can lead to XSS Low
CVE-2024-43799 was published for send (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
serve-static vulnerable to template injection that can lead to XSS Low
CVE-2024-43800 was published for serve-static (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover Moderate
CVE-2024-43411 was published for ckeditor4 (npm) Aug 21, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database