GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
425 advisories
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nltk
Moderate
CVE-2026-33230
was published
for
nltk
(pip)
Mar 18, 2026
JustHTML has a Sanitizer Bypass (in Markdown)
Moderate
GHSA-3rcm-vjrc-p45j
was published
for
justhtml
(pip)
Mar 18, 2026
JustHTML Affected by Mutation XSS via Literal Text Serialization in Raw Text Elements (style/script)
Moderate
GHSA-qvc2-mg72-jjhx
was published
for
justhtml
(pip)
Mar 18, 2026
Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution
Moderate
CVE-2026-33140
was published
for
pyspector
(pip)
Mar 18, 2026
Stored XSS in Memray-generated HTML reports via unescaped command-line metadata
Low
CVE-2026-32722
was published
for
memray
(pip)
Mar 16, 2026
ha-mcp has XSS via Unescaped HTML in OAuth Consent Form
Moderate
CVE-2026-32112
was published
for
ha-mcp
(pip)
Mar 12, 2026
Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`
Low
CVE-2026-32109
was published
for
copyparty
(pip)
Mar 12, 2026
copyparty: volflag `nohtml` did not block javascript in svg files
Moderate
CVE-2026-30974
was published
for
copyparty
(pip)
Mar 10, 2026
changedetection.io has Reflected XSS in its RSS Tag Error Response
Moderate
CVE-2026-29038
was published
for
changedetection.io
(pip)
Mar 4, 2026
Wagtail Vulnerable to Cross-site Scripting in simple_translation admin interface
Moderate
CVE-2026-28223
was published
for
wagtail
(pip)
Mar 3, 2026
Wagtail Vulnerable to Cross-site Scripting in TableBlock class attributes
Moderate
CVE-2026-28222
was published
for
wagtail
(pip)
Mar 3, 2026
Copyparty vulnerable to reflected XSS via setck parameter
Moderate
CVE-2026-27948
was published
for
copyparty
(pip)
Feb 26, 2026
Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute
Moderate
CVE-2026-25736
was published
for
rucio-webui
(pip)
Feb 25, 2026
Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name
Moderate
CVE-2026-25735
was published
for
rucio-webui
(pip)
Feb 25, 2026
Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata
Moderate
CVE-2026-25734
was published
for
rucio-webui
(pip)
Feb 25, 2026
changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response
Moderate
CVE-2026-27645
was published
for
changedetection.io
(pip)
Feb 25, 2026
Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function
High
CVE-2026-25733
was published
for
rucio-webui
(pip)
Feb 25, 2026
Rucio WebUI has a Reflected Cross-site Scripting Vulnerability
High
CVE-2026-25136
was published
for
rucio-webui
(pip)
Feb 25, 2026
Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering
Critical
CVE-2026-27614
was published
for
bugsink
(pip)
Feb 25, 2026
NiceGUI vulnerable to XSS via Code Injection during client-side element function execution
Moderate
CVE-2026-27156
was published
for
nicegui
(pip)
Feb 24, 2026
Isso affected by Stored XSS via comment website field
Moderate
CVE-2026-27469
was published
for
isso
(pip)
Feb 24, 2026
Indico Affected by Cross-Site-Scripting via material uploads
Moderate
CVE-2026-25739
was published
for
indico
(pip)
Feb 17, 2026
Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL
High
CVE-2026-25640
was published
for
pydantic-ai
(pip)
Feb 6, 2026
NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content
Moderate
CVE-2026-25516
was published
for
nicegui
(pip)
Feb 5, 2026
ProTip!
Advisories are also available from the
GraphQL API