GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

40,881 advisories

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nltk Moderate
CVE-2026-33230 was published for nltk (pip) Mar 18, 2026
JustHTML has a Sanitizer Bypass (in Markdown) Moderate
GHSA-3rcm-vjrc-p45j was published for justhtml (pip) Mar 18, 2026
Credited to kejcao
JustHTML Affected by Mutation XSS via Literal Text Serialization in Raw Text Elements (style/script) Moderate
GHSA-qvc2-mg72-jjhx was published for justhtml (pip) Mar 18, 2026
Credited to restriction
mo has a XSS via inline SVG script tags in Markdown rendering Low
GHSA-vccx-p757-pv6h was published for github.com/k1LoW/mo (Go) Mar 18, 2026
Credited to yagihash
Filament Unvalidated Range and Values summarizer values can be used for XSS High
CVE-2026-33080 was published for filament/tables (Composer) Mar 18, 2026
Credited to danharrin
Statamic has Stored XSS via SVG Sanitization Bypass High
CVE-2026-33172 was published for statamic/cms (Composer) Mar 18, 2026
Credited to FilipeGaudard
Avo has a XSS vulnerability on `return_to` param Moderate
CVE-2026-33209 was published for avo (RubyGems) Mar 18, 2026
Credited to timwis
Improper detection of disallowed URIs by Loofah `allowed_uri?` Low
GHSA-46fp-8f5p-pf2m was published for loofah (RubyGems) Mar 18, 2026
Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution Moderate
CVE-2026-33140 was published for pyspector (pip) Mar 18, 2026
Credited to satoridev01
Cross-Site Scripting (XSS) via SVG Schema innerHTML Injection in @pdfme/schemas Moderate
GHSA-87v3-4cfp-cm76 was published for @pdfme/schemas (npm) Mar 18, 2026
Credited to deprrous
Cross-Site Scripting (XSS) via Select Schema Option Value Injection in @pdfme/schemas Moderate
GHSA-qq9g-96v4-m3cj was published for @pdfme/schemas (npm) Mar 18, 2026
Credited to deprrous
SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata Moderate
CVE-2026-33067 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 18, 2026
Credited to 0xkakash1
SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering Moderate
CVE-2026-33066 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 18, 2026
Credited to 0xkakash1
Craft CMS Vulnerable to Stored XSS in Revision Context Menu Moderate
CVE-2026-33051 was published for craftcms/cms (Composer) Mar 18, 2026
Credited to Neosprings