GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22 advisories

SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution Critical
CVE-2026-45375 was published for github.com/siyuan-note/siyuan/kernel (Go) May 13, 2026
Credited to Revanth011
SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585) Critical
CVE-2026-44588 was published for github.com/siyuan-note/siyuan/kernel (Go) May 8, 2026
Credited to Curly-Haired-Baboon
SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE Critical
CVE-2026-44670 was published for github.com/siyuan-note/siyuan/kernel (Go) May 8, 2026
Credited to Curly-Haired-Baboon
SiYuan: Remote Code Execution in the Electron desktop client via stored XSS in synced table captions Critical
CVE-2026-39846 was published for github.com/siyuan-note/siyuan/kernel (Go) Apr 8, 2026
Credited to ngocnn97
SiYuan: Stored XSS in Attribute View Gallery/Kanban Cover Rendering Allows Arbitrary Command Execution in Desktop Client Critical
CVE-2026-34448 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 31, 2026
Credited to ngocnn97
SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183) Critical
CVE-2026-32940 was published for github.com/siyuan-note/siyuan (Go) Mar 17, 2026
Credited to vnykmshr
ZITADEL has 1-Click Account Takeover via XSS in /saml-post Endpoint Critical
CVE-2026-29191 was published for github.com/zitadel/zitadel (Go) Mar 4, 2026
Credited to amit-laish, bastionstack, and livio-a
SiYuan: Unauthenticated Reflected XSS via SVG Injection in /api/icon/getDynamicIcon Endpoint Critical
CVE-2026-29183 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 4, 2026
Credited to maru1009
Argo CD allows cross-site scripting on repositories page Critical
CVE-2025-47933 was published for github.com/argoproj/argo-cd (Go) May 28, 2025
Credited to Ry0taK and crenshaw-dev
Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input Critical
CVE-2025-30223 was published for github.com/beego/beego (Go) Mar 31, 2025
Credited to thevilledev
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE Critical
CVE-2024-51735 was published for github.com/j3ssie/osmedeus (Go) Nov 5, 2024
Credited to n00b-bot
Gitea Cross-site Scripting Vulnerability Critical
CVE-2024-6886 was published for code.gitea.io/gitea (Go) Aug 6, 2024
Cross-site scripting on application summary component Critical
CVE-2024-28175 was published for github.com/argoproj/argo-cd (Go) Mar 15, 2024
Credited to Ry0taK, agaudreault, and crenshaw-dev
Django Template Engine Vulnerable to XSS Critical
CVE-2024-22199 was published for github.com/gofiber/template/django/v3 (Go) Jan 11, 2024
Credited to bastianwegge, sixcolors, gaby, ReneWerner87, and efectn
Cross-site scripting vulnerability found in answerdev/answer Critical
CVE-2023-0740 was published for github.com/answerdev/answer (Go) Feb 8, 2023
Answer contains Cross-site Scripting vulnerability Critical
CVE-2023-0742 was published for github.com/answerdev/answer (Go) Feb 8, 2023
Answer has Cross-site Scripting vulnerability Critical
CVE-2023-0741 was published for github.com/answerdev/answer (Go) Feb 8, 2023
Answer subject to Cross-site Scripting vulnerability Critical
CVE-2023-0743 was published for github.com/answerdev/answer (Go) Feb 8, 2023
usememos/memos vulnerable to Cross-site Scripting Critical
CVE-2022-4866 was published for github.com/usememos/memos (Go) Dec 31, 2022
usememos/memos Cross-site Scripting vulnerability Critical
CVE-2022-4865 was published for github.com/usememos/memos (Go) Dec 31, 2022
Gogs vulnerable to Cross-site Scripting Critical
CVE-2022-32174 was published for gogs.io/gogs (Go) Oct 11, 2022
Argo CD's external URLs for Deployments can include JavaScript Critical
CVE-2022-31035 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
Credited to DavidKorczynski and AdamKorcz