Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,900
Maven
5,000+
npm
4,552
NuGet
786
pip
4,287
Pub
12
RubyGems
979
Rust
1,110
Swift
49
Unreviewed advisories
All unreviewed
5,000+

190 advisories

Loading
Podinfo affected by Arbitrary File Upload that leads to Stored Cross-Site Scripting (XSS) Low
CVE-2025-70849 was published for github.com/stefanprodan/podinfo (Go) Feb 3, 2026
Argo Workflows affected by stored XSS in the artifact directory listing High
CVE-2026-23960 was published for github.com/argoproj/argo-workflows (Go) Jan 21, 2026
Masamuneee
Credited to Masamuneee
Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability Moderate
CVE-2026-22808 was published for github.com/fleetdm/fleet (Go) Jan 20, 2026
prateek-0490 iansltx
Credited to prateek-0490 and iansltx
SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon Low
CVE-2026-23847 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 21, 2026
jaroslaw-wawiorko
Credited to jaroslaw-wawiorko
SiYuan Has a Stored Cross-Site Scripting (XSS) Vulnerability via Unrestricted SVG File Upload Moderate
CVE-2026-23645 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 16, 2026
jaroslaw-wawiorko
Credited to jaroslaw-wawiorko
Mattermost Server vulnerable to XSS via an uploaded file Moderate
CVE-2017-18904 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server is vulnerable to XSS through display name field Moderate
CVE-2017-18893 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
listmonk Vulnerable to Stored XSS Leading to Admin Account Takeover Moderate
CVE-2026-21483 was published for github.com/knadh/listmonk (Go) Jan 2, 2026
PlayerIUnknown
Credited to PlayerIUnknown
Reflected XSS in go-httpbin due to unrestricted client control over Content-Type Low
CVE-2025-45286 was published for github.com/mccutchen/go-httpbin (Go) Mar 21, 2025
AyushXtha
Credited to AyushXtha
Duplicate Advisory: Reflected XSS in go-httpbin due to unrestricted client control over Content-Type Low
GHSA-p4f6-h8jj-vfvf was published for github.com/mccutchen/go-httpbin (Go) Jan 2, 2026 withdrawn
Libredesk has Improper Neutralization of HTML Tags in a Web Page High
CVE-2025-68927 was published for github.com/abhinavxd/libredesk (Go) Dec 16, 2025
PlayerIUnknown
Credited to PlayerIUnknown
Gitea vulnerable to Cross-site Scripting Moderate
CVE-2025-68946 was published for code.gitea.io/gitea (Go) Dec 26, 2025
Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text Moderate
CVE-2025-68942 was published for code.gitea.io/gitea (Go) Dec 26, 2025
Algernon Cross-Site Scripting vulnerability Moderate
CVE-2025-65754 was published for github.com/xyproto/algernon (Go) Dec 10, 2025
ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login High
CVE-2025-67495 was published for github.com/zitadel/zitadel (Go) Dec 8, 2025
amit-laish peintnermax
livio-a
Credited to amit-laish, peintnermax, and livio-a
Mattermost Server is vulnerable to XSS through author_link field in Slack attachments Moderate
CVE-2017-18879 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server is vulnerable to XSS attacks against an OAuth 2.0 allow/deny page Moderate
CVE-2017-18877 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode Moderate
CVE-2025-64716 was published for github.com/TecharoHQ/anubis (Go) Oct 30, 2025
nijel mbiesiad
Credited to nijel and mbiesiad
Mattermost Server allows XSS via CSRF Moderate
CVE-2016-11084 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution Moderate
CVE-2016-11083 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server is vulnerable to XSS through crafted links Moderate
CVE-2016-11082 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server allows XSS via redirect URL Moderate
CVE-2016-11079 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server is vulnerable to XSS through lack of link relationship attributes `noreferrer` and `noopener` Moderate
CVE-2016-11071 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server is vulnerable to XSS via a Legal or Support setting Moderate
CVE-2016-11073 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server is vulnerable to XSS through customizable theme color-code values Moderate
CVE-2016-11070 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database