GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
92 advisories
OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender
Moderate
GHSA-ffq5-qpvf-xq7x
was published
for
openc3
(RubyGems)
Apr 22, 2026
Decidim has a cross-site scripting (XSS) in user name
Critical
CVE-2026-23891
was published
for
decidim-core
(RubyGems)
Apr 13, 2026
Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
Moderate
CVE-2026-33170
was published
for
activesupport
(RubyGems)
Mar 23, 2026
Avo has a XSS vulnerability on `return_to` param
Moderate
CVE-2026-33209
was published
for
avo
(RubyGems)
Mar 18, 2026
Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href
Moderate
CVE-2026-25500
was published
for
rack
(RubyGems)
Feb 17, 2026
Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
High
CVE-2025-64501
was published
for
prosemirror_to_html
(RubyGems)
Nov 6, 2025
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds
Moderate
CVE-2024-45594
was published
for
decidim-meetings
(RubyGems)
Nov 13, 2024
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Moderate
CVE-2024-43795
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
ProTip!
Advisories are also available from the
GraphQL API