Security update for python-gi-docgen (moderate)
openSUSE security update: security update for python-gi-docgen. Announcement ID: openSUSE-SU-2026:20497-1; Rating: moderate; References: bsc1251961; Cross-References: CVE-2025-11687; CVSS scores: CVE-2025-11687 (SUSE): 5.8...
OPENSUSE-SU-2026:20497-1 Security update for python-gi-docgen
This update for python-gi-docgen fixes the following issues: - CVE-2025-11687: Fixed reflected DOM XSS (bsc1251961)...
SUSE-SU-2026:21159-1 Security update for python-gi-docgen
This update for python-gi-docgen fixes the following issues: - CVE-2025-11687: Fixed reflected DOM XSS (bsc1251961)...
GHSA-6P6H-RQR6-62MV GI-DocGen vulnerable to Reflected XSS via unescaped query strings
A flaw was found in GI-DocGen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS)...
Cross-site Scripting (XSS)
Overview: gi-docgen is a documentation tool for GObject-based libraries. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the q GET parameter. An attacker can execute arbitrary JavaScript in the context of the page by crafting a malicious URL that injects code into t...
GI-DocGen vulnerable to Reflected XSS via unescaped query strings
A flaw was found in GI-DocGen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS)...
CVE-2025-11687
A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS)...
UBUNTU-CVE-2025-11687
A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS)...
CVE-2025-11687
A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS)...
CVE-2025-11687
The CVE-2025-11687 issue affects the gi-docgen library and is confirmed by multiple sources (GHSA advisory, NVD/Red Hat entry, Debian/Amazon Linux advisories). It is a reflected DOM XSS vulnerability where an unescaped q query parameter allows arbitrary JavaScript execution in the page context, e...
CVE-2025-11687 Gi-docgen: reflected DOM XSS in gi-docgen
A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS)...
CVE-2025-11687 Gi-docgen: reflected DOM XSS in gi-docgen
A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS)...
EUVD-2025-206336
A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS)...
Amazon Linux 2023 : (ALAS2023-2025-1247)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1247 advisory. gi-docgen does not encode search terms before inserting them into HTML, allowing XSS via a crafted URL. Description obtained from: https://gitlab.gnome.org/GNOME/gi-docgen/-/issues/228 CVE-2025-11687...
Fedora: Security Advisory (FEDORA-2025-86cf4f2eed)
The remote host is missing an update for the...
Linux Distros Unpatched Vulnerability : CVE-2025-11687
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page, enabling DOM access, session cookie theft...
Important: gi-docgen
Issue Overview: gi-docgen does not encode search terms before inserting them into HTML, allowing XSS via a crafted URL. Description obtained from: https://gitlab.gnome.org/GNOME/gi-docgen/-/issues/228 (CVE-2025-11687). Affected Packages: gi-docgen. Issue Correction: Run dnf update gi-docgen...
Fedora 43 : gi-docgen (2025-86cf4f2eed)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-86cf4f2eed advisory. gi-docgen 2025.5 - 2025-10-11: This is a security fix for CVE-2025-11687. The severity of this issue depends on what else is hosted on the same domain as the...
GI-DocGen Cross-Site Scripting Vulnerability
GI-DocGen is an open source documentation generation library for GNOME. GI-DocGen has a cross-site scripting vulnerability that could lead to the execution of JavaScript code in a web environment...
Fedora 41 : gi-docgen (2025-52dc5ac7d9)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-52dc5ac7d9 advisory. gi-docgen 2025.5 - 2025-10-11: This is a security fix for CVE-2025-11687. The severity of this issue depends on what else is hosted on the same domain as the...