GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
340 advisories
Slippers Vulnerable to Cross-Site Scripting (XSS) in `attrs` Template Tag
Moderate · CVE-2026-34231 was published for slippers (pip) · Mar 30, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nltk
Moderate · CVE-2026-33230 was published for nltk (pip) · Mar 18, 2026

JustHTML has a Sanitizer Bypass (in Markdown)
Moderate · GHSA-3rcm-vjrc-p45j was published for justhtml (pip) · Mar 18, 2026

JustHTML Affected by Mutation XSS via Literal Text Serialization in Raw Text Elements (style/script)
Moderate · GHSA-qvc2-mg72-jjhx was published for justhtml (pip) · Mar 18, 2026

Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution
Moderate · CVE-2026-33140 was published for pyspector (pip) · Mar 18, 2026

ha-mcp has XSS via Unescaped HTML in OAuth Consent Form
Moderate · CVE-2026-32112 was published for ha-mcp (pip) · Mar 12, 2026

copyparty: volflag `nohtml` did not block javascript in svg files
Moderate · CVE-2026-30974 was published for copyparty (pip) · Mar 10, 2026

changedetection.io has Reflected XSS in its RSS Tag Error Response
Moderate · CVE-2026-29038 was published for changedetection.io (pip) · Mar 4, 2026

Wagtail Vulnerable to Cross-site Scripting in simple_translation admin interface
Moderate · CVE-2026-28223 was published for wagtail (pip) · Mar 3, 2026

Wagtail Vulnerable to Cross-site Scripting in TableBlock class attributes
Moderate · CVE-2026-28222 was published for wagtail (pip) · Mar 3, 2026

Copyparty vulnerable to reflected XSS via setck parameter
Moderate · CVE-2026-27948 was published for copyparty (pip) · Feb 26, 2026

Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute
Moderate · CVE-2026-25736 was published for rucio-webui (pip) · Feb 25, 2026

Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name
Moderate · CVE-2026-25735 was published for rucio-webui (pip) · Feb 25, 2026

Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata
Moderate · CVE-2026-25734 was published for rucio-webui (pip) · Feb 25, 2026

changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response
Moderate · CVE-2026-27645 was published for changedetection.io (pip) · Feb 25, 2026

NiceGUI vulnerable to XSS via Code Injection during client-side element function execution
Moderate · CVE-2026-27156 was published for nicegui (pip) · Feb 24, 2026

Isso affected by Stored XSS via comment website field
Moderate · CVE-2026-27469 was published for isso (pip) · Feb 24, 2026

Indico Affected by Cross-Site-Scripting via material uploads
Moderate · CVE-2026-25739 was published for indico (pip) · Feb 17, 2026

NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content
Moderate · CVE-2026-25516 was published for nicegui (pip) · Feb 5, 2026

GI-DocGen vulnerable to Reflected XSS via unescaped query strings
Moderate · CVE-2025-11687 was published for gi-docgen (pip) · Jan 26, 2026

Dask Distributed is Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard
Moderate · CVE-2026-23528 was published for distributed (pip) · Jan 16, 2026

NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links
Moderate · CVE-2026-21872 was published for nicegui (pip) · Jan 8, 2026

NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace()
Moderate · CVE-2026-21871 was published for nicegui (pip) · Jan 8, 2026

NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
Moderate · CVE-2025-66470 was published for nicegui (pip) · Dec 8, 2025

NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
Moderate · CVE-2025-66469 was published for nicegui (pip) · Dec 8, 2025
ProTip! Advisories are also available from the GraphQL API.