GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
27 advisories
YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"
High
CVE-2026-34598
was published
for
yeswiki/yeswiki
(Composer)
Apr 1, 2026
Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster
Moderate
CVE-2026-27120
was published
for
leaf-kit
(Swift)
Feb 19, 2026
Contao is vulnerable to cross-site scripting in templates
Low
CVE-2025-65961
was published
for
contao/core-bundle
(Composer)
Nov 25, 2025
bagisto has Cross Site Scripting (XSS) in Create New Customer
Moderate
CVE-2025-62414
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG)
Moderate
CVE-2025-62418
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)
Moderate
CVE-2025-62415
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
Node-SAML SAML Authentication Bypass
Critical
CVE-2025-54369
was published
for
@node-saml/node-saml
(npm)
Jul 25, 2025
Hax CMS Stored Cross-Site Scripting vulnerability
High
CVE-2025-49137
was published
for
elmsln/haxcms
(Composer)
Jun 9, 2025
Gokapi vulnerable to stored XSS via uploading file with malicious file name
Moderate
CVE-2025-48494
was published
for
github.com/forceu/gokapi
(Go)
Jun 3, 2025
Gokapi has stored XSS vulnerability in friendly name for API keys
Moderate
CVE-2025-48495
was published
for
github.com/forceu/gokapi
(Go)
Jun 3, 2025
Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]
Moderate
CVE-2025-27793
was published
for
vega
(npm)
Mar 27, 2025
Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags
High
CVE-2024-32463
was published
for
phlex
(RubyGems)
Apr 17, 2024
pimcore/customer-management-framework-bundle Cross-site Scripting vulnerability in Segment name
Moderate
CVE-2023-4145
was published
for
pimcore/customer-management-framework-bundle
(Composer)
Aug 3, 2023
ProTip!
Advisories are also available from the
GraphQL API