GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,019 advisories
The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks
Moderate
CVE-2019-10219
was published
for
org.hibernate.validator:hibernate-validator
(Maven)
Jan 8, 2020
hibernate-validator Cross-site Scripting vulnerability
Moderate
CVE-2023-1932
was published
for
org.hibernate.validator:hibernate-validator
(Maven)
Nov 7, 2024
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6484
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
•
withdrawn
KaTeX \htmlData does not validate attribute names
Moderate
CVE-2025-23207
was published
for
katex
(npm)
Jan 17, 2025
Indico vulnerable to Cross-Site Scripting via LaTeX math code
Moderate
CVE-2025-59035
was published
for
indico
(pip)
Sep 10, 2025
copyparty vulnerable to reflected cross-site scripting via k304 parameter
Moderate
CVE-2023-38501
was published
for
copyparty
(pip)
Jul 25, 2023
Mermaid improperly sanitizes sequence diagram labels leading to XSS
Moderate
CVE-2025-54881
was published
for
mermaid
(npm)
Aug 19, 2025
Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add
Moderate
CVE-2025-9823
was published
for
mautic/core
(Composer)
Sep 3, 2025
Symfony UX allows unsanitized HTML attribute injection via ComponentAttributes
Moderate
CVE-2025-47946
was published
for
symfony/ux-live-component
(Composer)
May 19, 2025
Gokapi has stored XSS vulnerability in friendly name for API keys
Moderate
CVE-2025-48495
was published
for
github.com/forceu/gokapi
(Go)
Jun 3, 2025
Gokapi vulnerable to stored XSS via uploading file with malicious file name
Moderate
CVE-2025-48494
was published
for
github.com/forceu/gokapi
(Go)
Jun 3, 2025
NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page
Moderate
CVE-2025-27506
was published
for
nocodb
(npm)
Mar 6, 2025
UnoPim has Stored Cross-site Scripting vulnerability in user creation functionality
Moderate
CVE-2025-55742
was published
for
unopim/unopim
(Composer)
Aug 21, 2025
ProTip!
Advisories are also available from the
GraphQL API