GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
92 advisories
OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender
Moderate
GHSA-ffq5-qpvf-xq7x
was published
for
openc3
(RubyGems)
Apr 22, 2026
Decidim has a cross-site scripting (XSS) in user name
Critical
CVE-2026-23891
was published
for
decidim-core
(RubyGems)
Apr 13, 2026
Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
Moderate
CVE-2026-33170
was published
for
activesupport
(RubyGems)
Mar 23, 2026
Avo has a XSS vulnerability on `return_to` param
Moderate
CVE-2026-33209
was published
for
avo
(RubyGems)
Mar 18, 2026
Cross-site scripting (XSS) in the dynamic file uploads
Moderate
CVE-2023-51447
was published
for
decidim
(RubyGems)
Feb 20, 2024
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Moderate
CVE-2024-27285
was published
for
yard
(RubyGems)
Feb 28, 2024
Rails has possible XSS Vulnerability in Action Controller
Moderate
CVE-2024-26143
was published
for
actionpack
(RubyGems)
Feb 27, 2024
Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href
Moderate
CVE-2026-25500
was published
for
rack
(RubyGems)
Feb 17, 2026
Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
High
CVE-2025-64501
was published
for
prosemirror_to_html
(RubyGems)
Nov 6, 2025
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14041
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6531
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API