Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,411
Erlang
33
GitHub Actions
22
Go
2,146
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
899
Swift
38
Unreviewed advisories
All unreviewed
5,000+

116 advisories

Loading
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace High
CVE-2025-27108 was published for dom-expressions (npm) Feb 25, 2025
nsysean ryansolid
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS) High
CVE-2025-27109 was published for solid-js (npm) Feb 25, 2025
ryansolid nsysean
DOMpurify has a nesting-based mXSS High
CVE-2024-47875 was published for dompurify (npm) Oct 11, 2024
bastien-roucaries eslerm
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS High
CVE-2024-47068 was published for rollup (npm) Sep 23, 2024
jackfromeast ishmeals
Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes High
CVE-2024-47061 was published for @udecode/plate-core (npm) Sep 20, 2024
gettext.js has a Cross-site Scripting injection High
CVE-2024-43370 was published for gettext.js (npm) Aug 15, 2024
mcoimbra filipeom
Plate media plugins has a XSS in media embed element when using custom URL parsers High
CVE-2024-40631 was published for @udecode/plate-media (npm) Jul 15, 2024
ghtml Cross-Site Scripting (XSS) vulnerability High
CVE-2024-37166 was published for ghtml (npm) Jun 10, 2024
lirantal
lunary-ai/lunary XSS in SAML metadata endpoint High
CVE-2024-5478 was published for lunary (npm) Jun 6, 2024
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue High
CVE-2023-49781 was published for nocodb (npm) May 13, 2024
zpbrent
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js High
CVE-2024-34342 was published for react-pdf (npm) May 7, 2024
calixteman ThomasRinsma
wojtekmaj
Cross-site Scripting in electron-pdf High
CVE-2024-1648 was published for electron-pdf (npm) Feb 20, 2024
@urql/next Cross-site Scripting vulnerability High
CVE-2024-24556 was published for @urql/next (npm) Jan 30, 2024
react-query-streamed-hydration Cross-site Scripting vulnerability High
CVE-2024-24558 was published for @tanstack/react-query-next-experimental (npm) Jan 30, 2024
phryneas
Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client High
CVE-2023-41049 was published for @dcl/single-sign-on-client (npm) Sep 4, 2023
Angular critical CSS inlining Cross-site Scripting Vulnerability Advisory High
GHSA-r3hf-q8q7-fv2p was published for @nguniversal/common (npm) Aug 9, 2023
webmention.js Cross-site Scripting vulnerability High
CVE-2023-3672 was published for webmention.js (npm) Jul 14, 2023
@udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` scheme High
CVE-2023-34245 was published for @udecode/plate-link (npm) Jun 9, 2023
OliverWales
HTML injection in search results via plaintext message highlighting High
CVE-2023-30609 was published for matrix-react-sdk (npm) Apr 25, 2023
markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS) High
CVE-2023-0835 was published for markdown-pdf (npm) Apr 5, 2023
directus vulnerable to HTML Injection in Password Reset email to custom Reset URL High
CVE-2023-27474 was published for directus (npm) Mar 7, 2023
tofran
XSS Attack with Express API High
CVE-2023-23630 was published for eta (npm) Jan 31, 2023
agustingianni
gatsby-transformer-remark has possible unsanitized JavaScript code injection High
CVE-2023-22491 was published for gatsby-transformer-remark (npm) Jan 11, 2023
@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS) High
CVE-2023-22461 was published for @mattkrick/sanitize-svg (npm) Jan 5, 2023
lauritzh
Improper handling of email input High
CVE-2022-31127 was published for next-auth (npm) Jul 6, 2022
Sandiipmaity
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database