Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

70 advisories

Loading
YesWiki Vulnerable to Reflected XSS via Unescaped `id` Parameter in Bazar Widget HTML Attributes Moderate
CVE-2026-52774 was published for yeswiki/yeswiki (Composer) Jul 9, 2026
hash3liZer Credited to hash3liZer
YesWiki Vulnerable to Reflected XSS via Unescaped Archived-Revision `time` Parameter in `handlers/page/show.php` Moderate
CVE-2026-52773 was published for yeswiki/yeswiki (Composer) Jul 9, 2026
hash3liZer Credited to hash3liZer
Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS Moderate
CVE-2026-52816 was published for gogs.io/gogs (Go) Jun 23, 2026
JLGitHub66 Credited to JLGitHub66
OctoPrint has XSS in its Suppressed Command Notifications Moderate
CVE-2026-35163 was published for OctoPrint (pip) Jun 23, 2026
jacopotediosi Credited to jacopotediosi
Open WebUI Has Stored Cross-Site Scripting in SVG Renderer Moderate
CVE-2026-45346 was published for open-webui (npm) May 14, 2026
ZoczuS Credited to ZoczuS
Weblate vulnerable to XSS via crafted Markdown Moderate
CVE-2026-44264 was published for weblate (pip) May 7, 2026
nijel Credited to nijel
PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer Moderate
CVE-2026-35453 was published for phpoffice/phpspreadsheet (Composer) Apr 28, 2026
marduc812 Credited to marduc812
XWiki has Reflected Cross-Site Scripting (XSS) in page history compare Moderate
CVE-2026-40105 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 14, 2026
mikecole-mg Credited to mikecole-mg
The Query Monitor plugin for WordPress has Reflected Cross-Site Scripting via Request URI Moderate
CVE-2026-4267 was published for johnbillion/query-monitor (Composer) Mar 19, 2026
LeafKit's HTML escaping may be skipped for Collection values, enabling XSS Moderate
CVE-2026-28499 was published for github.com/vapor/leaf-kit (Swift) Mar 16, 2026
iCMDdev Credited to iCMDdev, gwynne, and 0xTim gwynne gwynne
0xTim 0xTim
Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module Moderate
CVE-2026-27116 was published for code.vikunja.io/api (Go) Feb 25, 2026
sudo0xksh Credited to sudo0xksh
Navidrome has XSS via comment from song metadata Moderate
CVE-2026-25578 was published for github.com/navidrome/navidrome (Go) Feb 4, 2026
AlexGustafsson Credited to AlexGustafsson
XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages Moderate
CVE-2026-24128 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Jan 23, 2026
mikecole-mg Credited to mikecole-mg
XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication Moderate
CVE-2025-66472 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Dec 10, 2025
4rdr Credited to 4rdr
Apache SkyWalking has a stored XSS vulnerability Moderate
CVE-2025-54057 was published for org.apache.skywalking:apm-webapp (Maven) Nov 27, 2025
oscerd Credited to oscerd
OctoPrint vulnerable to XSS in Action Commands Notification and Prompt Moderate
CVE-2025-64187 was published for octoprint (pip) Nov 4, 2025
jacopotediosi Credited to jacopotediosi
bagisto has Cross Site Scripting (XSS) in Create New Customer Moderate
CVE-2025-62414 was published for bagisto/bagisto (Composer) Oct 16, 2025
kiwi865 Credited to kiwi865
bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG) Moderate
CVE-2025-62418 was published for bagisto/bagisto (Composer) Oct 16, 2025
kiwi865 Credited to kiwi865
bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML) Moderate
CVE-2025-62415 was published for bagisto/bagisto (Composer) Oct 16, 2025
kiwi865 Credited to kiwi865
Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-55672 was published for apache-superset (pip) Aug 14, 2025
Duplicate Advisory: Leantime affected by Improper Neutralization of HTML Tags Moderate
GHSA-jf6p-4hgv-v6qh was published for leantime/leantime (Composer) Mar 28, 2025 withdrawn
Froxlor has an HTML Injection Vulnerability Moderate
CVE-2025-48958 was published for froxlor/froxlor (Composer) Mar 11, 2025
BenefactorYuvi Credited to BenefactorYuvi
In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim Moderate
CVE-2025-27155 was published for github.com/matrix-org/pinecone (Go) Mar 4, 2025
Treanglex Credited to Treanglex
Formwork has a cross-site scripting (XSS) vulnerability in Site title Moderate
GHSA-vf6x-59hh-332f was published for getformwork/formwork (Composer) Mar 1, 2025
Kyokito1412 Credited to Kyokito1412
Leantime affected by Improper Neutralization of HTML Tags Moderate
CVE-2025-28254 was published for leantime/leantime (Composer) Feb 21, 2025
cyber-brent Credited to cyber-brent and hugo-guzman hugo-guzman hugo-guzman
ProTip! Advisories are also available from the GraphQL API