GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
515 advisories
DOMPurify is vulnerable to mutation-XSS via Re-Contextualization
Moderate
GHSA-h8r8-wccr-v5f2
was published
for
dompurify
(npm)
Mar 27, 2026
n8n has XSS in its Credential Management Flow
Moderate
GHSA-364x-8g5j-x2pr
was published
for
n8n
(npm)
Mar 27, 2026
n8n has XSS in Chat Trigger Node through Custom CSS
Moderate
GHSA-3c7f-5hgj-h279
was published
for
n8n
(npm)
Mar 27, 2026
n8n: Authenticated XSS and Open Redirect via Form Node
Moderate
GHSA-w673-8fjw-457c
was published
for
n8n
(npm)
Mar 27, 2026
n8n has a Stored XSS Vulnerability in its Form Trigger
Moderate
GHSA-q4fm-pjq6-m63g
was published
for
n8n
(npm)
Mar 27, 2026
Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection
Moderate
CVE-2026-33916
was published
for
handlebars
(npm)
Mar 26, 2026
n8n Vulnerable to XSS via Binary Data Inline HTML Rendering
Moderate
CVE-2026-33749
was published
for
n8n
(npm)
Mar 26, 2026
PDFME has XSS via Unsanitized i18n Label Injection into innerHTML in multiVariableText propPanel
Moderate
GHSA-xgx4-2wgv-4jhm
was published
for
@pdfme/schemas
(npm)
Mar 20, 2026
SVG Injection via Unsanitized Options in @dicebear/core and @dicebear/initials
Moderate
CVE-2026-33311
was published
for
@dicebear/core
(npm)
Mar 19, 2026
Cross-Site Scripting (XSS) via SVG Schema innerHTML Injection in @pdfme/schemas
Moderate
GHSA-87v3-4cfp-cm76
was published
for
@pdfme/schemas
(npm)
Mar 18, 2026
Cross-Site Scripting (XSS) via Select Schema Option Value Injection in @pdfme/schemas
Moderate
GHSA-qq9g-96v4-m3cj
was published
for
@pdfme/schemas
(npm)
Mar 18, 2026
Unhead has XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check
Moderate
CVE-2026-31860
was published
for
unhead
(npm)
Mar 12, 2026
Parse Server vulnerable to stored XSS via file upload of HTML-renderable file types
Moderate
CVE-2026-31868
was published
for
parse-server
(npm)
Mar 11, 2026
CKEditor 5 has Cross-site Scripting (XSS) in the HTML Support package
Moderate
CVE-2026-28343
was published
for
@ckeditor/ckeditor5-html-support
(npm)
Mar 4, 2026
OpenClaw has Canvas route hardening for mixed-trust deployments
Moderate
GHSA-cjv3-m589-v3rx
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw has stored XSS in exported session HTML viewer via markdown/raw-HTML rendering
Moderate
GHSA-r294-2894-92j3
was published
for
openclaw
(npm)
Mar 3, 2026
NocoDB Vulnerable to Stored Cross-Site Scripting via Rich Text Cells
Moderate
CVE-2026-28401
was published
for
nocodb
(npm)
Mar 3, 2026
NocoDB Vulnerable to Stored Cross-site Scripting via Comments
Moderate
CVE-2026-28397
was published
for
nocodb
(npm)
Mar 3, 2026
NocoDB Vulnerable to Stored Cross-Site Scripting via Comments and Rich Text Cells
Moderate
CVE-2026-28398
was published
for
nocodb
(npm)
Mar 3, 2026
DOMPurify contains a Cross-site Scripting vulnerability
Moderate
CVE-2026-0540
was published
for
dompurify
(npm)
Mar 3, 2026
ProTip!
Advisories are also available from the
GraphQL API