GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
33 advisories
jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)
High
CVE-2026-25940
was published
for
jspdf
(npm)
Feb 19, 2026
jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method
High
CVE-2026-25755
was published
for
jspdf
(npm)
Feb 19, 2026
Fabric.js Affected by Stored XSS via SVG Export
High
CVE-2026-27013
was published
for
fabric
(npm)
Feb 18, 2026
jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution
High
CVE-2026-24737
was published
for
jspdf
(npm)
Feb 2, 2026
Open WebUI Vulnerable to Stored DOM XSS via Note 'Download PDF'
High
CVE-2025-65959
was published
for
open-webui
(npm)
Dec 4, 2025
motionEye vulnerable to RCE via unsanitized motion config parameter
High
CVE-2025-60787
was published
for
motioneye
(pip)
Nov 3, 2025
pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters
High
CVE-2025-61773
was published
for
pyload-ng
(pip)
Oct 9, 2025
YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution
High
CVE-2025-46347
was published
for
yeswiki/yeswiki
(Composer)
Apr 29, 2025
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
High
CVE-2025-27108
was published
for
dom-expressions
(npm)
Feb 25, 2025
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)
High
CVE-2025-27109
was published
for
solid-js
(npm)
Feb 25, 2025
Apache Airflow vulnerable to Improper Encoding or Escaping of Output
High
CVE-2024-45498
was published
for
apache-airflow
(pip)
Sep 7, 2024
Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device
High
CVE-2023-43620
was published
for
github.com/schollz/croc/v9
(Go)
Sep 20, 2023
Apache Tomcat improperly escapes input from JsonErrorReportValve
High
CVE-2022-45143
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 3, 2023
ProTip!
Advisories are also available from the
GraphQL API