GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
457 advisories
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
High
CVE-2025-27108
was published
for
dom-expressions
(npm)
Feb 25, 2025
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)
High
CVE-2025-27109
was published
for
solid-js
(npm)
Feb 25, 2025
Leantime allows Stored Cross-Site Scripting (XSS)
High
GHSA-c39w-3pjx-qc7m
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi)
High
GHSA-v4q9-437p-mhpg
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
S3-Proxy allows Reflected Cross-site Scripting (XSS) in template implementation
High
CVE-2025-27088
was published
for
github.com/oxyno-zeta/s3-proxy/cmd/s3-proxy
(Go)
Feb 20, 2025
CKAN has an XSS vector in user uploaded images in group/org and user profiles
High
CVE-2025-24372
was published
for
ckan
(pip)
Feb 5, 2025
Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document
High
GHSA-xr3m-6gq6-22cg
was published
for
pimcore/pimcore
(Composer)
Jan 28, 2025
Authenticated Stored XSS in YesWiki
High
CVE-2025-24018
was published
for
yeswiki/yeswiki
(Composer)
Jan 21, 2025
Unauthenticated DOM Based XSS in YesWiki
High
CVE-2025-24017
was published
for
yeswiki/yeswiki
(Composer)
Jan 21, 2025
ProTip!
Advisories are also available from the
GraphQL API