Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,016
Maven
5,000+
npm
4,737
NuGet
814
pip
4,347
Pub
12
RubyGems
987
Rust
1,140
Swift
50
Unreviewed advisories
All unreviewed
5,000+

102 advisories

Loading
jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property) High
CVE-2026-25940 was published for jspdf (npm) Feb 19, 2026
Macabely
Credited to Macabely
jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method High
CVE-2026-25755 was published for jspdf (npm) Feb 19, 2026
ZeroXJacks
Credited to ZeroXJacks
Fabric.js Affected by Stored XSS via SVG Export High
CVE-2026-27013 was published for fabric (npm) Feb 18, 2026
nedlir
Credited to nedlir
jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution High
CVE-2026-24737 was published for jspdf (npm) Feb 2, 2026
ahmetartuc
Credited to ahmetartuc
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure... High Unreviewed
CVE-2025-68460 was published Dec 18, 2025
GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18... High Unreviewed
CVE-2025-8405 was published Dec 11, 2025
Open WebUI Vulnerable to Stored DOM XSS via Note 'Download PDF' High
CVE-2025-65959 was published for open-webui (npm) Dec 4, 2025
pyozzi-toss L2VE
Credited to pyozzi-toss and L2VE
A vulnerability exists in PX Enterprise whereby sensitive information may be logged under... High Unreviewed
CVE-2025-9127 was published Dec 4, 2025
A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. This... High Unreviewed
CVE-2025-11085 was published Nov 11, 2025
motionEye vulnerable to RCE via unsanitized motion config parameter High
CVE-2025-60787 was published for motioneye (pip) Nov 3, 2025
prabhatverma47 MichaIng
Credited to prabhatverma47 and MichaIng
Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into... High Unreviewed
CVE-2025-11713 was published Oct 14, 2025
A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize... High Unreviewed
CVE-2025-55903 was published Oct 10, 2025
pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters High
CVE-2025-61773 was published for pyload-ng (pip) Oct 9, 2025
odaysec
Credited to odaysec
Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar. High Unreviewed
CVE-2021-25254 was published May 21, 2025
A vulnerability exists in PX Backup whereby sensitive information may be logged under specific... High Unreviewed
CVE-2025-1308 was published May 20, 2025
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows... High Unreviewed
CVE-2025-24338 was published Apr 30, 2025
YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution High
CVE-2025-46347 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
pizza-power
Credited to pizza-power
Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0... High Unreviewed
CVE-2024-12368 was published Feb 25, 2025
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace High
CVE-2025-27108 was published for dom-expressions (npm) Feb 25, 2025
nsysean ryansolid
Credited to nsysean and ryansolid
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS) High
CVE-2025-27109 was published for solid-js (npm) Feb 25, 2025
ryansolid nsysean
Credited to ryansolid and nsysean
XWiki Platform has an SQL injection in getdocuments.vm with sort parameter High
CVE-2024-55663 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Dec 12, 2024
A vulnerability was found in Romain Bourdon Wampserver all versions (discovered in v3.2.3 and v3... High Unreviewed
CVE-2024-46547 was published Dec 9, 2024
In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper... High Unreviewed
CVE-2018-9433 was published Nov 20, 2024
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow... High Unreviewed
CVE-2024-47549 was published Oct 25, 2024
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. High Unreviewed
CVE-2024-9348 was published Oct 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database