Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

311 advisories

Loading
YesWiki Vulnerable to Reflected XSS via Unescaped `id` Parameter in Bazar Widget HTML Attributes Moderate
CVE-2026-52774 was published for yeswiki/yeswiki (Composer) Jul 9, 2026
hash3liZer Credited to hash3liZer
YesWiki Vulnerable to Reflected XSS via Unescaped Archived-Revision `time` Parameter in `handlers/page/show.php` Moderate
CVE-2026-52773 was published for yeswiki/yeswiki (Composer) Jul 9, 2026
hash3liZer Credited to hash3liZer
HTML Injection in ActiveMQ Artemis Web Console Moderate
CVE-2022-35278 was published for org.apache.activemq:artemis-server (Maven) Aug 24, 2022
Unauthenticated Content Injection in Auros Core <= 5.3.1 versions. Moderate Unreviewed
CVE-2025-64637 was published Jun 26, 2026
Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS Moderate
CVE-2026-52816 was published for gogs.io/gogs (Go) Jun 23, 2026
JLGitHub66 Credited to JLGitHub66
OctoPrint has XSS in its Suppressed Command Notifications Moderate
CVE-2026-35163 was published for OctoPrint (pip) Jun 23, 2026
jacopotediosi Credited to jacopotediosi
Django Filer Unrestricted Upload of File with Dangerous Type Moderate
CVE-2024-11404 was published for django-filer (pip) Nov 20, 2024
A reflected cross-site scripting issue exists in URL handling. Moderate Unreviewed
CVE-2026-9646 was published May 28, 2026
Open WebUI Has Stored Cross-Site Scripting in SVG Renderer Moderate
CVE-2026-45346 was published for open-webui (npm) May 14, 2026
ZoczuS Credited to ZoczuS
ProTip! Advisories are also available from the GraphQL API