Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,474
Erlang
33
GitHub Actions
24
Go
2,198
Maven
5,000+
npm
3,843
NuGet
696
pip
3,632
Pub
12
RubyGems
911
Rust
912
Swift
38
Unreviewed advisories
All unreviewed
5,000+

40 advisories

Loading
Open WebUI stored cross-site scripting (XSS) vulnerability High
CVE-2024-7990 was published for open-webui (pip) Mar 20, 2025
Open WebUI Vulnerable to a Session Fixation Attack High
CVE-2024-7053 was published for open-webui (pip) Mar 20, 2025
MobSF Stored Cross-Site Scripting (XSS) High
CVE-2025-24803 was published for mobsf (pip) Feb 5, 2025
CKAN has an XSS vector in user uploaded images in group/org and user profiles High
CVE-2025-24372 was published for ckan (pip) Feb 5, 2025
m4dn355
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through High
CVE-2024-52595 was published for lxml-html-clean (pip) Nov 19, 2024
JorianWoltjer frenzymadness
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering High
CVE-2024-43805 was published for jupyterlab (pip) Aug 29, 2024
jackfromeast ishmeals
RRosio krassowski
pretix Stored Cross-site Scripting vulnerability High
CVE-2024-8113 was published for pretix (pip) Aug 23, 2024
p-w
Sentry vulnerable to stored Cross-Site Scripting (XSS) High
CVE-2024-41656 was published for sentry (pip) Jul 23, 2024
stsewd
ydata cross-site scripting High
CVE-2024-37063 was published for ydata-profiling (pip) Jun 4, 2024
ansibleguy-webui Cross-site Scripting vulnerability High
CVE-2024-36110 was published for ansibleguy-webui (pip) May 28, 2024
ntrampham ansibleguy
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages High
CVE-2024-34707 was published for nautobot (pip) May 13, 2024
michaelpanorios
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload High
CVE-2024-4216 was published for pgAdmin4 (pip) May 2, 2024
nautobot has reflected Cross-site Scripting potential in all object list views High
CVE-2024-32979 was published for nautobot (pip) May 1, 2024
michaelpanorios
Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page High
CVE-2024-30248 was published for piccolo-admin (pip) Apr 1, 2024
Skelmis
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing High
CVE-2024-28233 was published for jupyterhub (pip) Mar 28, 2024
Th0h0
Potentially untrusted input is rendered as HTML in final output High
CVE-2024-26151 was published for mjml (pip) Feb 22, 2024
sh-at-cs
Cross-site Scripting in Pyhtml2pdf High
CVE-2024-1647 was published for pyhtml2pdf (pip) Feb 20, 2024
Cross-site Scripting Vulnerability on Avatar Upload High
CVE-2023-47115 was published for label-studio (pip) Jan 24, 2024
alex-elttam
XSS potential in rendered Markdown fields (comments, description, notes, etc.) High
CVE-2024-23345 was published for nautobot (pip) Jan 23, 2024
Kircheneer
Cross-site Scripting potential in custom links, job buttons, and computed fields High
CVE-2023-48705 was published for nautobot (pip) Nov 22, 2023
modoboa Cross-site Scripting vulnerability High
CVE-2023-5689 was published for modoboa (pip) Oct 20, 2023
Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admins context High
CVE-2023-45815 was published for archivebox (pip) Oct 19, 2023
Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox High
CVE-2023-36809 was published for kiwitcms (pip) Jul 5, 2023
mnqazi MQ-xz
kiwitcms vulnerable to stored cross-site scripting via unrestricted file upload High
CVE-2023-33977 was published for kiwitcms (pip) Jun 6, 2023
mnqazi
Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views High
CVE-2023-28836 was published for wagtail (pip) Apr 3, 2023
thibaudcolas
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database