Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12 advisories

Loading
mediawiki/maps has stored XSS through the overlays parameter in the display_map parser function High
CVE-2026-52854 was published for mediawiki/maps (Composer) Jul 2, 2026
SomeMWDev Credited to SomeMWDev
Citizen vulnerable to stored XSS in sticky header button messages Moderate
CVE-2025-62508 was published for starcitizentools/citizen-skin (Composer) Oct 20, 2025
SomeMWDev Credited to SomeMWDev
Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes High
CVE-2025-59839 was published for starcitizenwiki/embedvideo (Composer) Sep 24, 2025
SomeMWDev Credited to SomeMWDev
Citizen Short Description stored XSS vulnerability through wikitext High
CVE-2025-53369 was published for starcitizentools/short-description (Composer) Jul 3, 2025
SomeMWDev Credited to SomeMWDev
Citizen vulnerable to Stored XSS through short descriptions High
CVE-2025-53370 was published for starcitizentools/citizen-skin (Composer) Jul 3, 2025
SomeMWDev Credited to SomeMWDev
starcitizentools/citizen-skin is vulnerable to Stored XSS attack in the legacy search bar through page descriptions High
CVE-2025-53368 was published for starcitizentools/citizen-skin (Composer) Jul 3, 2025
SomeMWDev Credited to SomeMWDev
TabberNeue vulnerable to Stored XSS through wikitext High
CVE-2025-53093 was published for starcitizentools/tabber-neue (Composer) Jun 27, 2025
SomeMWDev Credited to SomeMWDev
starcitizentools/citizen-skin allows stored XSS in user registration date message Moderate
CVE-2025-49578 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev Credited to SomeMWDev
starcitizentools/citizen-skin allows stored XSS in menu heading message Moderate
CVE-2025-49579 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev Credited to SomeMWDev
starcitizentools/citizen-skin allows stored XSS in preference menu heading messages Moderate
CVE-2025-49577 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev Credited to SomeMWDev
starcitizentools/citizen-skin allows stored XSS in search no result messages Moderate
CVE-2025-49576 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev Credited to SomeMWDev
Citizen skin vulnerable to stored XSS through multiple system messages Moderate
CVE-2025-49575 was published for starcitizentools/citizen-skin (Composer) Jun 11, 2025
SomeMWDev Credited to SomeMWDev
ProTip! Advisories are also available from the GraphQL API