Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,651
Erlang
34
GitHub Actions
26
Go
2,253
Maven
5,000+
npm
3,905
NuGet
702
pip
3,676
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

153 advisories

Loading
csaf-poc/csaf_distribution Cross-site Scripting vulnerability Moderate
CVE-2022-43996 was published for github.com/csaf-poc/csaf_distribution (Go) Dec 14, 2022
tdunlap607
one-api Cross-site Scripting vulnerability Moderate
CVE-2025-3801 was published for github.com/songquanpeng/one-api (Go) Apr 19, 2025
golang.org/x/net vulnerable to Cross-site Scripting Moderate
CVE-2025-22872 was published for golang.org/x/net (Go) Apr 16, 2025
Rancher UI has Stored Cross-site Scripting vulnerability High
CVE-2024-52281 was published for github.com/rancher/rancher (Go) Jan 14, 2025
Miniflux Media Proxy vulnerable to Stored Cross-site Scripting due to improper Content-Security-Policy configuration Moderate
CVE-2025-31483 was published for miniflux.app/v2 (Go) Apr 4, 2025
Ry0taK takumi-san-ai
LocalAI Cross-Site Scripting (XSS) vulnerability in its search functionality Moderate
CVE-2024-9900 was published for github.com/mudler/LocalAI (Go) Mar 20, 2025
Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler Moderate
CVE-2023-27592 was published for miniflux.app/v2 (Go) Apr 2, 2025
fguillot 40826d
Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input Critical
CVE-2025-30223 was published for github.com/beego/beego (Go) Mar 31, 2025
thevilledev
Reflected XSS in go-httpbin due to unrestricted client control over Content-Type Low
GHSA-528q-4pgm-wvg2 was published for github.com/mccutchen/go-httpbin (Go) Mar 21, 2025
AyushXtha
LocalAI Cross-site Scripting vulnerability Low
CVE-2024-48057 was published for github.com/mudler/LocalAI (Go) Nov 5, 2024
LF Edge eKuiper allows Stored XSS in Rules Functionality Moderate
CVE-2024-52812 was published for github.com/lf-edge/ekuiper (Go) Mar 10, 2025
TheMostKnown ngjaying
In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim Moderate
CVE-2025-27155 was published for github.com/matrix-org/pinecone (Go) Mar 4, 2025
Treanglex
S3-Proxy allows Reflected Cross-site Scripting (XSS) in template implementation High
CVE-2025-27088 was published for github.com/oxyno-zeta/s3-proxy/cmd/s3-proxy (Go) Feb 20, 2025
ddvleeuwen oxyno-zeta
Apache Answer: XSS vulnerability when changing personal website Moderate
CVE-2024-29217 was published for github.com/apache/incubator-answer (Go) Apr 21, 2024
Duplicate Advisory: Grafana Stored Cross-site Scripting vulnerability Moderate
GHSA-3cgw-hfw7-wc7j was published for github.com/grafana/grafana (Go) Mar 23, 2023 withdrawn
Grafana vulnerable to Cross-site Scripting Moderate
CVE-2023-0507 was published for github.com/grafana/grafana (Go) Mar 1, 2023
http-swagger XSS via PUT requests Moderate
CVE-2024-25712 was published for github.com/swaggo/http-swagger (Go) Feb 29, 2024
Hashicorp Consul Cross-site Scripting vulnerability Moderate
CVE-2024-10086 was published for github.com/hashicorp/consul (Go) Oct 31, 2024
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass High
CVE-2024-29891 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024
amit-laish fforootd
livio-a adlerhurst
Improper HTML sanitization in ZITADEL High
CVE-2024-28855 was published for github.com/zitadel/zitadel (Go) Mar 18, 2024
Vitess allows HTML injection in /debug/querylogz & /debug/env Moderate
CVE-2024-53257 was published for vitess.io/vitess (Go) Dec 3, 2024
quinox
Apache Answer Cross-site Scripting vulnerability Moderate
CVE-2024-23349 was published for github.com/apache/incubator-answer (Go) Feb 22, 2024
Hugo does not escape some attributes in internal templates Moderate
CVE-2024-55601 was published for github.com/gohugoio/hugo (Go) Dec 9, 2024
jmooring
Stored XSS using two files in usememos/memos Moderate
CVE-2023-0109 was published for github.com/usememos/memos (Go) Nov 15, 2024
Grafana Stored Cross-site Scripting in Unified Alerting Moderate
CVE-2022-31097 was published for github.com/grafana/grafana (Go) May 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database