Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

22 advisories

Loading
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait Low
GHSA-hc5c-r8m5-2gfh was published for plone.restapi (pip) Sep 21, 2023
OpenStack Horizon Cross-site scripting (XSS) vulnerability Low
CVE-2014-3474 was published for horizon (pip) May 13, 2022
Zope vulnerable to Stored Cross Site Scripting with SVG images Low
CVE-2023-42458 was published for Zope (pip) Sep 21, 2023
mauritsvanrees Credited to mauritsvanrees and icemac icemac icemac
Zope management interface vulnerable to stored cross site scripting via the title property Low
CVE-2023-44389 was published for Zope (pip) Oct 4, 2023
dataflake Credited to dataflake, drfho, icemac, and d-maurer drfho drfho
icemac icemac d-maurer d-maurer
Fides JavaScript Injection Vulnerability in Privacy Center URL Low
CVE-2023-46126 was published for ethyca-fides (pip) Oct 24, 2023
Loggerhead XSS via filename Low
CVE-2011-0728 was published for loggerhead (pip) May 17, 2022
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface Low
CVE-2014-3594 was published for horizon (pip) May 13, 2022
Arbitrary JavaScript execution due to using outdated libraries Low
GHSA-4m3g-6r7g-jv4f was published for gradio_pdf (pip) Jun 5, 2024
isacaya Credited to isacaya
Cabot Cross Site Scripting (XSS) vulnerability via Endpoint column Low
CVE-2020-7734 was published for cabot (pip) May 24, 2022
Cross-site Scripting in djangorestframework Low
CVE-2024-21520 was published for djangorestframework (pip) Jun 26, 2024
Cross site scripting in zenml Low
CVE-2024-2171 was published for zenml (pip) Jun 6, 2024
copyparty renders unsanitized filenames as HTML when user uploads empty files Low
CVE-2025-27145 was published for copyparty (pip) Feb 26, 2025
JayPatel48 Credited to JayPatel48
Django TomSelect incomplete escaping of dangerous characters in widget attributes Low
GHSA-785h-76cm-cpmf was published for django-tomselect (pip) Mar 26, 2025
pysean3 Credited to pysean3
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images Low
CVE-2023-41048 was published for plone.namedfile (pip) Sep 21, 2023
msegoviag Credited to msegoviag
WebSSH Cross-site Scripting vulnerability Low
CVE-2025-7885 was published for webssh (pip) Jul 20, 2025
changedetection.io: Stored XSS in Watch update via API Low
CVE-2025-62780 was published for changedetection.io (pip) Nov 12, 2025
edoardottt Credited to edoardottt
OMERO.web uses jquery-form library, which may be vulnerable to XSS attack Low
GHSA-j4gv-6x9v-v23g was published for omero-web (pip) Nov 24, 2025
Spotipy has a XSS vulnerability in its OAuth callback server Low
CVE-2025-66040 was published for spotipy (pip) Dec 1, 2025
yueyueL Credited to yueyueL
Calibre-Web Has a Stored Cross-Site Scripting (XSS) Vulnerability via the 'username' Field During User Creation Low
CVE-2025-65858 was published for calibreweb (pip) Dec 2, 2025
Mayan EDMS is vulnerable to XSS through the /authentication/ file Low
CVE-2025-14691 was published for mayan-edms (pip) Dec 15, 2025
Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html` Low
CVE-2026-32109 was published for copyparty (pip) Mar 12, 2026
thesanjok Credited to thesanjok
Stored XSS in Memray-generated HTML reports via unescaped command-line metadata Low
CVE-2026-32722 was published for memray (pip) Mar 16, 2026
0xmrma Credited to 0xmrma
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database