Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,248
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,513
Pub
12
RubyGems
997
Rust
1,189
Swift
51
Unreviewed advisories
All unreviewed
5,000+

10 advisories

Loading
Cross site scripting via cookies in gogs Low
GHSA-pj96-4jhv-v792 was published for gogs.io/gogs (Go) Jun 2, 2022
Argo CD SSO users vulnerable to Cross-site Scripting Low
CVE-2022-31102 was published for github.com/argoproj/argo-cd (Go) Jul 12, 2022
AdamKorcz Credited to AdamKorcz, DavidKorczynski, and tdunlap607 DavidKorczynski DavidKorczynski
tdunlap607 tdunlap607
Mattermost Cross-site Scripting vulnerability Low
CVE-2023-7113 was published for github.com/mattermost/mattermost/server/v8 (Go) Dec 29, 2023
LocalAI Cross-site Scripting vulnerability Low
CVE-2024-48057 was published for github.com/mudler/LocalAI (Go) Nov 5, 2024
teler dashboard vulnerable to DOM-based cross-site scripting (XSS) Low
CVE-2022-23466 was published for teler.app (Go) Dec 6, 2022
Duplicate Advisory: Reflected XSS in go-httpbin due to unrestricted client control over Content-Type Low
GHSA-p4f6-h8jj-vfvf was published for github.com/mccutchen/go-httpbin (Go) Jan 2, 2026 withdrawn
Reflected XSS in go-httpbin due to unrestricted client control over Content-Type Low
CVE-2025-45286 was published for github.com/mccutchen/go-httpbin (Go) Mar 21, 2025
AyushXtha Credited to AyushXtha
SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon Low
CVE-2026-23847 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 21, 2026
jaroslaw-wawiorko Credited to jaroslaw-wawiorko
Podinfo affected by Arbitrary File Upload that leads to Stored Cross-Site Scripting (XSS) Low
CVE-2025-70849 was published for github.com/stefanprodan/podinfo (Go) Feb 3, 2026
stefanprodan Credited to stefanprodan
mo has a XSS via inline SVG script tags in Markdown rendering Low
GHSA-vccx-p757-pv6h was published for github.com/k1LoW/mo (Go) Mar 18, 2026
yagihash Credited to yagihash
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database