GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
472 advisories
svelte vulnerable to Cross-site Scripting
Moderate
CVE-2025-15265
was published
for
svelte
(npm)
Jan 15, 2026
Cross-Site Scripting in backbone
Moderate
CVE-2016-10537
was published
for
backbone
(npm)
Feb 18, 2019
jQuery vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2011-4969
was published
for
jQuery
(RubyGems)
May 14, 2022
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
Moderate
CVE-2024-6783
was published
for
vue-template-compiler
(npm)
Jul 23, 2024
Parse Server has a Cross-Site Scripting (XSS) vulnerability via Unescaped Mustache Template Variables
Moderate
CVE-2025-68115
was published
for
parse-server
(npm)
Dec 16, 2025
Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting)
Moderate
GHSA-9x4v-xfq5-m8x5
was published
for
better-auth
(npm)
Feb 5, 2025
Cross-site Scripting (XSS) in serialize-javascript
Moderate
CVE-2024-11831
was published
for
serialize-javascript
(npm)
Feb 10, 2025
Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint
Moderate
CVE-2025-65019
was published
for
astro
(npm)
Nov 19, 2025
Astro allows unauthorized third-party images in _image endpoint
Moderate
CVE-2025-55303
was published
for
@astrojs/node
(npm)
Aug 19, 2025
DOM Clobbering Gadget found in astro's client-side router that leads to XSS
Moderate
CVE-2024-47885
was published
for
astro
(npm)
Oct 14, 2024
Angular vulnerable to Cross-site Scripting
Moderate
CVE-2021-4231
was published
for
@angular/core
(npm)
May 27, 2022
Angular vulnerable to Cross-site Scripting
Moderate
CVE-2020-7676
was published
for
angular
(npm)
Jun 18, 2020
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14041
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via welcome message
Moderate
CVE-2025-64758
was published
for
@dependencytrack/frontend
(npm)
Nov 17, 2025
Directus is Vulnerable to Stored Cross-site Scripting
Moderate
CVE-2025-64747
was published
for
directus
(npm)
Nov 14, 2025
XSS in the `of` option of the `.position()` util in jquery-ui
Moderate
CVE-2021-41184
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 26, 2021
Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes
Moderate
CVE-2024-6485
was published
for
bootstrap
(npm)
Jul 11, 2024
validator.js has a URL validation bypass vulnerability in its isURL function
Moderate
CVE-2025-56200
was published
for
validator
(npm)
Sep 30, 2025
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11023
was published
for
components/jquery
(RubyGems)
Apr 29, 2020
ProTip!
Advisories are also available from the
GraphQL API