GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
741 advisories
DOMPurify is vulnerable to mutation-XSS via Re-Contextualization
Moderate
GHSA-h8r8-wccr-v5f2
was published
for
dompurify
(npm)
Mar 27, 2026
Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
High
CVE-2026-33941
was published
for
handlebars
(npm)
Mar 27, 2026
n8n has XSS in its Credential Management Flow
Moderate
GHSA-364x-8g5j-x2pr
was published
for
n8n
(npm)
Mar 27, 2026
n8n has XSS in Chat Trigger Node through Custom CSS
Moderate
GHSA-3c7f-5hgj-h279
was published
for
n8n
(npm)
Mar 27, 2026
n8n: Authenticated XSS and Open Redirect via Form Node
Moderate
GHSA-w673-8fjw-457c
was published
for
n8n
(npm)
Mar 27, 2026
n8n has a Stored XSS Vulnerability in its Form Trigger
Moderate
GHSA-q4fm-pjq6-m63g
was published
for
n8n
(npm)
Mar 27, 2026
Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)
High
CVE-2026-33979
was published
for
express-xss-sanitizer
(npm)
Mar 27, 2026
Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection
Moderate
CVE-2026-33916
was published
for
handlebars
(npm)
Mar 26, 2026
n8n Vulnerable to XSS via Binary Data Inline HTML Rendering
Moderate
CVE-2026-33749
was published
for
n8n
(npm)
Mar 26, 2026
PDFME has XSS via Unsanitized i18n Label Injection into innerHTML in multiVariableText propPanel
Moderate
GHSA-xgx4-2wgv-4jhm
was published
for
@pdfme/schemas
(npm)
Mar 20, 2026
oRPC has Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify
High
CVE-2026-33331
was published
for
@orpc/openapi
(npm)
Mar 20, 2026
SVG Injection via Unsanitized Options in @dicebear/core and @dicebear/initials
Moderate
CVE-2026-33311
was published
for
@dicebear/core
(npm)
Mar 19, 2026
Cross-Site Scripting (XSS) via SVG Schema innerHTML Injection in @pdfme/schemas
Moderate
GHSA-87v3-4cfp-cm76
was published
for
@pdfme/schemas
(npm)
Mar 18, 2026
Cross-Site Scripting (XSS) via Select Schema Option Value Injection in @pdfme/schemas
Moderate
GHSA-qq9g-96v4-m3cj
was published
for
@pdfme/schemas
(npm)
Mar 18, 2026
jsPDF has HTML Injection in New Window paths
Critical
CVE-2026-31938
was published
for
jspdf
(npm)
Mar 17, 2026
Parse Server has a stored XSS filter bypass via Content-Type MIME parameter and missing XML extension blocklist entries
High
CVE-2026-32728
was published
for
parse-server
(npm)
Mar 16, 2026
Angular vulnerable to XSS in i18n attribute bindings
High
CVE-2026-32635
was published
for
@angular/compiler
(npm)
Mar 13, 2026
OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")
High
CVE-2026-32308
was published
for
oneuptime
(npm)
Mar 13, 2026
ProTip!
Advisories are also available from the
GraphQL API