Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
47
GitHub Actions
48
Go
3,377
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,573
Pub
13
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

430 advisories

Loading
Slippers Vulnerable to Cross-Site Scripting (XSS) in `attrs` Template Tag Moderate
CVE-2026-34231 was published for slippers (pip) Mar 30, 2026
evansd Credited to evansd
Home Assistant has stored XSS in history-graphs Low
CVE-2026-33045 was published for homeassistant (pip) Mar 27, 2026
pwnpanda Credited to pwnpanda
Home Assistant has stored XSS in Map-card through malicious device name Low
CVE-2026-33044 was published for homeassistant (pip) Mar 27, 2026
pwnpanda Credited to pwnpanda
JustHTML is vulnerable to XSS via code fence breakout in <pre> content High
GHSA-5vp3-3cg6-2rq3 was published for justhtml (pip) Mar 24, 2026
AlfinJ0se Credited to AlfinJ0se
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nltk Moderate
CVE-2026-33230 was published for nltk (pip) Mar 18, 2026
leduckhuong Credited to leduckhuong
JustHTML has a Sanitizer Bypass (in Markdown) Moderate
GHSA-3rcm-vjrc-p45j was published for justhtml (pip) Mar 18, 2026
kejcao Credited to kejcao
JustHTML Affected by Mutation XSS via Literal Text Serialization in Raw Text Elements (style/script) Moderate
GHSA-qvc2-mg72-jjhx was published for justhtml (pip) Mar 18, 2026
offset Credited to offset
Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution Moderate
CVE-2026-33140 was published for pyspector (pip) Mar 18, 2026
satoridev01 Credited to satoridev01
Stored XSS in Memray-generated HTML reports via unescaped command-line metadata Low
CVE-2026-32722 was published for memray (pip) Mar 16, 2026
0xmrma Credited to 0xmrma
ha-mcp has XSS via Unescaped HTML in OAuth Consent Form Moderate
CVE-2026-32112 was published for ha-mcp (pip) Mar 12, 2026
yotampe-pluto Credited to yotampe-pluto and julienld julienld julienld
Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html` Low
CVE-2026-32109 was published for copyparty (pip) Mar 12, 2026
thesanjok Credited to thesanjok
copyparty: volflag `nohtml` did not block javascript in svg files Moderate
CVE-2026-30974 was published for copyparty (pip) Mar 10, 2026
VarshankNaik Credited to VarshankNaik
changedetection.io has Reflected XSS in its RSS Tag Error Response Moderate
CVE-2026-29038 was published for changedetection.io (pip) Mar 4, 2026
Akokonunes Credited to Akokonunes
Wagtail Vulnerable to Cross-site Scripting in simple_translation admin interface Moderate
CVE-2026-28223 was published for wagtail (pip) Mar 3, 2026
GCXWLP Credited to GCXWLP, RealOrangeOne, and gasman RealOrangeOne RealOrangeOne
gasman gasman
Wagtail Vulnerable to Cross-site Scripting in TableBlock class attributes Moderate
CVE-2026-28222 was published for wagtail (pip) Mar 3, 2026
GCXWLP Credited to GCXWLP, RealOrangeOne, and gasman RealOrangeOne RealOrangeOne
gasman gasman
Copyparty vulnerable to reflected XSS via setck parameter Moderate
CVE-2026-27948 was published for copyparty (pip) Feb 26, 2026
iiDk-the-actual Credited to iiDk-the-actual
Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute Moderate
CVE-2026-25736 was published for rucio-webui (pip) Feb 25, 2026
d-woosley Credited to d-woosley
Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name Moderate
CVE-2026-25735 was published for rucio-webui (pip) Feb 25, 2026
d-woosley Credited to d-woosley
Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata Moderate
CVE-2026-25734 was published for rucio-webui (pip) Feb 25, 2026
d-woosley Credited to d-woosley
changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response Moderate
CVE-2026-27645 was published for changedetection.io (pip) Feb 25, 2026
Akokonunes Credited to Akokonunes and neo-ai-engineer neo-ai-engineer neo-ai-engineer
Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function High
CVE-2026-25733 was published for rucio-webui (pip) Feb 25, 2026
d-woosley Credited to d-woosley
Rucio WebUI has a Reflected Cross-site Scripting Vulnerability High
CVE-2026-25136 was published for rucio-webui (pip) Feb 25, 2026
d-woosley Credited to d-woosley
Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering Critical
CVE-2026-27614 was published for bugsink (pip) Feb 25, 2026
ByamB4 Credited to ByamB4
NiceGUI vulnerable to XSS via Code Injection during client-side element function execution Moderate
CVE-2026-27156 was published for nicegui (pip) Feb 24, 2026
anuraagbaishya Credited to anuraagbaishya, evnchn, and falkoschindler evnchn evnchn
falkoschindler falkoschindler
Isso affected by Stored XSS via comment website field Moderate
CVE-2026-27469 was published for isso (pip) Feb 24, 2026
ByamB4 Credited to ByamB4 and jelmer jelmer jelmer
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database