GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11 advisories

OpenBao has Reflected XSS in its OIDC authentication error message Critical
CVE-2026-33758 was published for github.com/openbao/openbao (Go) Mar 26, 2026
Credited to gianklug
Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module Moderate
CVE-2026-27116 was published for code.vikunja.io/api (Go) Feb 25, 2026
Credited to sudo0xksh
Vikunja Vulnerable to XSS Via Task Preview High
CVE-2026-25935 was published for code.vikunja.io/api (Go) Feb 11, 2026
Credited to supercoolspy
Navidrome has XSS via comment from song metadata Moderate
CVE-2026-25578 was published for github.com/navidrome/navidrome (Go) Feb 4, 2026
Credited to AlexGustafsson
listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover High
CVE-2025-58430 was published for github.com/knadh/listmonk (Go) Sep 9, 2025
Credited to r3verii
In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim Moderate
CVE-2025-27155 was published for github.com/matrix-org/pinecone (Go) Mar 4, 2025
Credited to Treanglex
Rancher API Server Cross-site Scripting Vulnerability High
CVE-2023-32192 was published for github.com/rancher/apiserver (Go) Feb 8, 2024
Credited to diego95root and kujalamathias
Norman API Cross-site Scripting Vulnerability High
CVE-2023-32193 was published for github.com/rancher/norman (Go) Feb 8, 2024
Credited to diego95root and kujalamathias
go package pydio cells vulnerable to cross-site scripting Moderate
CVE-2023-2981 was published for github.com/pydio/cells (Go) May 30, 2023
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload Moderate
CVE-2023-26046 was published for github.com/kitabisa/teler-waf (Go) Mar 1, 2023
Credited to aidilarf
Cross-site Scripting vulnerability in repository issue list in Gogs Moderate
CVE-2022-31038 was published for gogs.io/gogs (Go) Jun 8, 2022
Credited to wuhan005