Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,472
Erlang
33
GitHub Actions
24
Go
2,195
Maven
5,000+
npm
3,841
NuGet
696
pip
3,632
Pub
12
RubyGems
911
Rust
910
Swift
38
Unreviewed advisories
All unreviewed
5,000+

32,813 advisories

Loading
Open WebUI stored cross-site scripting (XSS) vulnerability High
CVE-2024-7990 was published for open-webui (pip) Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of... High Unreviewed
CVE-2024-8101 was published Mar 20, 2025
A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers... Moderate Unreviewed
CVE-2024-8027 was published Mar 20, 2025
An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0.... Moderate Unreviewed
CVE-2024-8029 was published Mar 20, 2025
An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the... Critical Unreviewed
CVE-2024-8017 was published Mar 20, 2025
Open WebUI Vulnerable to a Session Fixation Attack High
CVE-2024-7053 was published for open-webui (pip) Mar 20, 2025
Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload Moderate
CVE-2024-7044 was published for open-webui (pip) Mar 20, 2025
A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui... Moderate Unreviewed
CVE-2024-6986 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in infiniflow/ragflow, affecting the... Moderate Unreviewed
CVE-2024-12870 was published Mar 20, 2025
An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a... Moderate Unreviewed
CVE-2024-12871 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3.... High Unreviewed
CVE-2024-4023 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui... Moderate Unreviewed
CVE-2024-12374 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in Serge version 0.9.0. The... Moderate Unreviewed
CVE-2024-11441 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in the latest version of langgenius/dify... Moderate Unreviewed
CVE-2024-11850 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest,... Moderate Unreviewed
CVE-2024-11824 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The... High Unreviewed
CVE-2024-10720 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2... Low Unreviewed
CVE-2024-10721 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2... Low Unreviewed
CVE-2024-10723 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The... Low Unreviewed
CVE-2024-10722 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2,... Low Unreviewed
CVE-2024-10724 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. This... Low Unreviewed
CVE-2024-10725 was published Mar 20, 2025
A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0... Low Unreviewed
CVE-2024-10727 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in phpipam version 1.5.2, specifically... Low Unreviewed
CVE-2024-10719 was published Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3... Moderate Unreviewed
CVE-2024-0640 was published Mar 20, 2025
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored... Moderate Unreviewed
CVE-2025-2108 was published Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database