Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

415 advisories

Loading
YesWiki Vulnerable to Reflected XSS via Unescaped `id` Parameter in Bazar Widget HTML Attributes Moderate
CVE-2026-52774 was published for yeswiki/yeswiki (Composer) Jul 9, 2026
hash3liZer Credited to hash3liZer
YesWiki Vulnerable to Reflected XSS via Unescaped Archived-Revision `time` Parameter in `handlers/page/show.php` Moderate
CVE-2026-52773 was published for yeswiki/yeswiki (Composer) Jul 9, 2026
hash3liZer Credited to hash3liZer
mediawiki/maps has stored XSS through the overlays parameter in the display_map parser function High
CVE-2026-52854 was published for mediawiki/maps (Composer) Jul 2, 2026
SomeMWDev Credited to SomeMWDev
Unauthenticated Content Injection in Auros Core <= 5.3.1 versions. Moderate Unreviewed
CVE-2025-64637 was published Jun 26, 2026
Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS Moderate
CVE-2026-52816 was published for gogs.io/gogs (Go) Jun 23, 2026
JLGitHub66 Credited to JLGitHub66
OctoPrint has XSS in its Suppressed Command Notifications Moderate
CVE-2026-35163 was published for OctoPrint (pip) Jun 23, 2026
jacopotediosi Credited to jacopotediosi
Gogs: XSS in .ipynb files renderer due to outdated notebookjs High
GHSA-6vxv-wg6j-5qwp was published for gogs.io/gogs (Go) Jun 19, 2026
Aikido-Security Credited to Aikido-Security, JorianWoltjer, and grumpinout1 JorianWoltjer JorianWoltjer
grumpinout1 grumpinout1
StarCitizenWiki Extension Embed Video: Stored XSS via malformed src url with $wgEmbedVideoRequireConsent enabled High
CVE-2026-55692 was published for starcitizenwiki/embedvideo (Composer) Jun 19, 2026
StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized class passed to template High
CVE-2026-55691 was published for starcitizenwiki/embedvideo (Composer) Jun 19, 2026
StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized service name in exception text High
CVE-2026-55690 was published for starcitizenwiki/embedvideo (Composer) Jun 19, 2026
Astro: Reflected XSS via unescaped slot name High
CVE-2026-50146 was published for astro (npm) Jun 16, 2026
floudeciel Credited to floudeciel
A reflected cross-site scripting issue exists in URL handling. Moderate Unreviewed
CVE-2026-9646 was published May 28, 2026
ProTip! Advisories are also available from the GraphQL API