GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
8 advisories
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay
High
CVE-2023-30614
was published
for
pay
(RubyGems)
Apr 20, 2023
CometVisu Backend for openHAB affected by SSRF/XSS
High
CVE-2024-42467
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
High
CVE-2024-46977
was published
for
openc3
(RubyGems)
Oct 2, 2024
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses
High
CVE-2025-25293
was published
for
ruby-saml
(RubyGems)
Mar 12, 2025
NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload
High
CVE-2026-24769
was published
for
nocodb
(npm)
Jan 28, 2026
Unauthenticated Spree Commerce users can view completed guest orders by Order ID
High
CVE-2026-25757
was published
for
spree_storefront
(RubyGems)
Feb 5, 2026
Unauthenticated Spree Commerce users can access all guest addresses
High
CVE-2026-25758
was published
for
spree_api
(RubyGems)
Feb 5, 2026
Sylius affected by IDOR in Cart and Checkout LiveComponents
High
CVE-2026-31820
was published
for
sylius/sylius
(Composer)
Mar 11, 2026
ProTip!
Advisories are also available from the
GraphQL API