GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
55 advisories
OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
Moderate
CVE-2025-64187
was published
for
octoprint
(pip)
Nov 4, 2025
bagisto has Cross Site Scripting (XSS) in Create New Customer
Moderate
CVE-2025-62414
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG)
Moderate
CVE-2025-62418
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)
Moderate
CVE-2025-62415
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
Froxlor has an HTML Injection Vulnerability
Moderate
CVE-2025-48958
was published
for
froxlor/froxlor
(Composer)
Mar 11, 2025
In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim
Moderate
CVE-2025-27155
was published
for
github.com/matrix-org/pinecone
(Go)
Mar 4, 2025
Formwork has a cross-site scripting (XSS) vulnerability in Site title
Moderate
GHSA-vf6x-59hh-332f
was published
for
getformwork/formwork
(Composer)
Mar 1, 2025
Leantime affected by Improper Neutralization of HTML Tags
Moderate
CVE-2025-28254
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
Moderate
CVE-2024-56199
was published
for
phpmyfaq/phpmyfaq
(Composer)
Jan 2, 2025
Directus has an HTML Injection in Comment
Moderate
CVE-2024-54128
was published
for
@directus/app
(npm)
Dec 5, 2024
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Moderate
CVE-2024-47819
was published
for
@umbraco-cms/backoffice
(npm)
Oct 22, 2024
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS
Moderate
CVE-2024-47765
was published
for
dev-lancer/minecraft-motd-parser
(Composer)
Oct 4, 2024
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
Moderate
CVE-2024-47536
was published
for
starcitizentools/citizen-skin
(Composer)
Sep 30, 2024
Craft CMS vulnerable to stored XSS in breadcrumb list and title fields
Moderate
CVE-2024-45406
was published
for
craftcms/cms
(Composer)
Sep 9, 2024
Cross-site Scripting in ZenUML
Moderate
CVE-2024-38527
was published
for
@zenuml/core
(npm)
Jun 26, 2024
TokenController formName not sanitized in hidden input
Moderate
CVE-2024-37156
was published
for
sulu/form-bundle
(Composer)
Jun 6, 2024
static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names
Moderate
CVE-2024-32966
was published
for
static-web-server
(Rust)
May 1, 2024
ProTip!
Advisories are also available from the
GraphQL API