GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering
High
CVE-2026-33204
was published
for
kelvinmo/simplejwt
(Composer)
Mar 18, 2026
Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
Critical
CVE-2025-67511
was published
for
cai-framework
(pip)
Dec 9, 2025
changedetection.io: Stored XSS in Watch update via API
Low
CVE-2025-62780
was published
for
changedetection.io
(pip)
Nov 12, 2025
Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
Low
CVE-2025-62380
was published
for
mailgen
(npm)
Oct 15, 2025
Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
Low
CVE-2025-62366
was published
for
mailgen
(npm)
Oct 14, 2025
Mailgen: HTML injection vulnerability in plaintext e-mails
Moderate
CVE-2025-59526
was published
for
mailgen
(npm)
Sep 22, 2025
Gogs XSS allowed by stored call in PDF renderer
Moderate
CVE-2025-47943
was published
for
github.com/gogs/gogs
(Go)
Jun 26, 2025
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
Critical
CVE-2024-32651
was published
for
changedetection.io
(pip)
Oct 15, 2024
ONOS vulnerable to Cross-site Scripting
Moderate
CVE-2023-30093
was published
for
org.onosproject:onos-archetypes
(Maven)
May 5, 2023
ONOS vulnerable to reflected cross-site scripting
Moderate
CVE-2023-24279
was published
for
org.onosproject:onos-archetypes
(Maven)
Mar 14, 2023
Stored cross site scripting in changedetection.io
Moderate
CVE-2023-24769
was published
for
changedetection.io
(pip)
Feb 18, 2023
ProTip!
Advisories are also available from the
GraphQL API