Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,616
Maven
5,000+
npm
4,255
NuGet
760
pip
4,040
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

385 advisories

Loading
aiohttp Cross-site Scripting vulnerability on index pages for static file handling Moderate
CVE-2024-27306 was published for aiohttp (pip) Apr 18, 2024
arkark
Credited to arkark
CKAN vulnerable to stored XSS in resource description Moderate
CVE-2025-54384 was published for ckan (pip) Oct 29, 2025
asifnawazminhas
Credited to asifnawazminhas
FastMCP vulnerable to reflected XSS in client's callback page Moderate
CVE-2025-62800 was published for fastmcp (pip) Oct 29, 2025
an7y
Credited to an7y
Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name High
CVE-2025-62172 was published for homeassistant (pip) Oct 14, 2025
pwnpanda
Credited to pwnpanda
Taguette vulnerable to cross-site scripting via tag name, tag description, document name and document description Moderate
CVE-2025-62528 was published for taguette (pip) Oct 20, 2025
emilvirkki
Credited to emilvirkki
pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters High
CVE-2025-61773 was published for pyload-ng (pip) Oct 9, 2025
odaysec
Credited to odaysec
NiceGUI has a Reflected XSS Moderate
CVE-2025-53354 was published for nicegui (pip) Oct 3, 2025
oxqnd
Credited to oxqnd
WebSSH Cross-site Scripting vulnerability Low
CVE-2025-7885 was published for webssh (pip) Jul 20, 2025
django CMS Cross-Site Scripting (XSS) Moderate
CVE-2024-11319 was published for django-cms (pip) Nov 18, 2024
Indico vulnerable to Cross-Site Scripting via LaTeX math code Moderate
CVE-2025-59035 was published for indico (pip) Sep 10, 2025
ThiefMaster
Credited to ThiefMaster
copyparty vulnerable to reflected cross-site scripting via k304 parameter Moderate
CVE-2023-38501 was published for copyparty (pip) Jul 25, 2023
TheHackyDog
Credited to TheHackyDog
LLama Factory Remote OS Command Injection Vulnerability High
CVE-2024-52803 was published for llamafactory (pip) Nov 21, 2024
superboy-zjc
Credited to superboy-zjc
copyparty Reflected XSS via Filter Parameter Moderate
CVE-2025-54589 was published for copyparty (pip) Jul 31, 2025
Ju0x
Credited to Ju0x
copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata Moderate
CVE-2025-54423 was published for copyparty (pip) Jul 28, 2025
altperfect
Credited to altperfect
Mezzanine CMS vulnerable to Cross-site Scripting Moderate
CVE-2025-50481 was published for Mezzanine (pip) Jul 23, 2025
Cadwyn vulnerable to XSS on the docs page High
CVE-2025-53528 was published for cadwyn (pip) Jul 21, 2025
protozeit
Credited to protozeit
Aim vulnerable to Cross-site Scripting Moderate
CVE-2025-51464 was published for aim (pip) Jul 22, 2025
pyLoad vulnerable to XSS through insecure CAPTCHA Critical
CVE-2025-53890 was published for pyload-ng (pip) Jul 15, 2025
odaysec
Credited to odaysec
Mezzanine CMS has a Stored Cross-Site Scripting (XSS) vulnerability in the displayable_links_js function Moderate
CVE-2025-6050 was published for Mezzanine (pip) Jun 17, 2025
Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates Moderate
CVE-2025-53865 was published for roundup (pip) Jul 13, 2025
Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality Moderate
CVE-2024-53999 was published for mobsf (pip) Dec 3, 2024
lDomenx
Credited to lDomenx
ChangeDetection.io XSS in watch overview High
CVE-2025-52558 was published for changedetection.io (pip) Jun 23, 2025
dgtlmoon
Credited to dgtlmoon
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config Moderate
CVE-2024-26152 was published for label-studio (pip) Feb 22, 2024
isacaya
Credited to isacaya
label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter. High
CVE-2025-47783 was published for label-studio (pip) May 15, 2025
Medok228
Credited to Medok228
Mezzanine CMS Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-29573 was published for Mezzanine (pip) May 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database