GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6 advisories

Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display (Moderate)
GHSA-fw8g-cg8f-9j28 was published for github.com/prometheus/prometheus (Go) May 5, 2026
Credited to iiihaiii and ngocnn97
SiYuan: Remote Code Execution in the Electron desktop client via stored XSS in synced table captions (Critical)
CVE-2026-39846 was published for github.com/siyuan-note/siyuan/kernel (Go) Apr 8, 2026
Credited to ngocnn97
SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution (High)
CVE-2026-34585 was published for github.com/siyuan-note/siyuan/kernel (Go) Apr 1, 2026
Credited to ngocnn97
SiYuan: Unauthenticated Access to Password-Protected Bookmarks via /api/bookmark/getBookmark (High)
CVE-2026-34453 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 31, 2026
Credited to ngocnn97
SiYuan: Stored XSS in Attribute View Gallery/Kanban Cover Rendering Allows Arbitrary Command Execution in Desktop Client (Critical)
CVE-2026-34448 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 31, 2026
Credited to ngocnn97