GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

411 advisories

Unauthenticated Content Injection in Auros Core <= 5.3.1 versions. Moderate Unreviewed
CVE-2025-64637 was published Jun 26, 2026
Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS Moderate
CVE-2026-52816 was published for gogs.io/gogs (Go) Jun 23, 2026
Credited to JLGitHub66
OctoPrint has XSS in its Suppressed Command Notifications Moderate
CVE-2026-35163 was published for OctoPrint (pip) Jun 23, 2026
Credited to jacopotediosi
Gogs: XSS in .ipynb files renderer due to outdated notebookjs High
GHSA-6vxv-wg6j-5qwp was published for gogs.io/gogs (Go) Jun 19, 2026
Credited to Aikido-Security, JorianWoltjer, and grumpinout1
StarCitizenWiki Extension Embed Video: Stored XSS via malformed src url with $wgEmbedVideoRequireConsent enabled High
CVE-2026-55692 was published for starcitizenwiki/embedvideo (Composer) Jun 19, 2026
StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized class passed to template High
CVE-2026-55691 was published for starcitizenwiki/embedvideo (Composer) Jun 19, 2026
StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized service name in exception text High
CVE-2026-55690 was published for starcitizenwiki/embedvideo (Composer) Jun 19, 2026
Astro: Reflected XSS via unescaped slot name High
CVE-2026-50146 was published for astro (npm) Jun 16, 2026
Credited to floudeciel
A reflected cross-site scripting issue exists in URL handling. Moderate Unreviewed
CVE-2026-9646 was published May 28, 2026
md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed) High
CVE-2026-46492 was published for md-fileserver (npm) May 21, 2026
Credited to kiwi865
Open WebUI Has Stored Cross-Site Scripting in SVG Renderer Moderate
CVE-2026-45346 was published for open-webui (npm) May 14, 2026
Credited to ZoczuS