Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6 advisories

Loading
morimori-dev Credited to morimori-dev
MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values Moderate
CVE-2026-39960 was published for mantisbt/mantisbt (Composer) May 11, 2026
morimori-dev Credited to morimori-dev, dregad, and TristanInSec dregad dregad
TristanInSec TristanInSec
Open WebUI has Stored XSS in Pending User Overlay via Incorrect DOMPurify Application Order Moderate
CVE-2026-44568 was published for open-webui (pip) May 8, 2026
morimori-dev Credited to morimori-dev and Classic298 Classic298 Classic298
Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values Moderate
CVE-2026-35588 was published for glances (pip) Apr 21, 2026
morimori-dev Credited to morimori-dev
rhukster/dom-sanitizer: SVG <style> tag allows CSS injection via unfiltered url() and @import directives Moderate
CVE-2026-40301 was published for rhukster/dom-sanitizer (Composer) Apr 10, 2026
morimori-dev Credited to morimori-dev
Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items Moderate
CVE-2026-33628 was published for invoiceninja/invoiceninja (Composer) Mar 24, 2026
morimori-dev Credited to morimori-dev
ProTip! Advisories are also available from the GraphQL API