Skip to content
Navigation Menu
Toggle navigation
Sign in
Appearance settings
Platform
AI CODE CREATION
GitHub Copilot
Write better code with AI
GitHub Spark
Build and deploy intelligent apps
GitHub Models
Manage and compare prompts
MCP Registry
New
Integrate external tools
DEVELOPER WORKFLOWS
Actions
Automate any workflow
Codespaces
Instant dev environments
Issues
Plan and track work
Code Review
Manage code changes
APPLICATION SECURITY
GitHub Advanced Security
Find and fix vulnerabilities
Code security
Secure your code as you build
Secret protection
Stop leaks before they start
EXPLORE
Why GitHub
Documentation
Blog
Changelog
Marketplace
View all features
Solutions
BY COMPANY SIZE
Enterprises
Small and medium teams
Startups
Nonprofits
BY USE CASE
App Modernization
DevSecOps
DevOps
CI/CD
View all use cases
BY INDUSTRY
Healthcare
Financial services
Manufacturing
Government
View all industries
View all solutions
Resources
EXPLORE BY TOPIC
AI
Software Development
DevOps
Security
View all topics
EXPLORE BY TYPE
Customer stories
Events & webinars
Ebooks & reports
Business insights
GitHub Skills
SUPPORT & SERVICES
Documentation
Customer support
Community forum
Trust center
Partners
Open Source
COMMUNITY
GitHub Sponsors
Fund open source developers
PROGRAMS
Security Lab
Maintainer Community
Accelerator
Archive Program
REPOSITORIES
Topics
Trending
Collections
Enterprise
ENTERPRISE SOLUTIONS
Enterprise platform
AI-powered developer platform
AVAILABLE ADD-ONS
GitHub Advanced Security
Enterprise-grade security features
Copilot for Business
Enterprise-grade AI features
Premium Support
Enterprise-grade 24/7 support
Pricing
Search or jump to...
Search code, repositories, users, issues, pull requests...
Search syntax tips
Provide feedback
Saved searches
Use saved searches to filter your results more quickly
Sign in
Sign up
Appearance settings
Resetting focus
You signed in with another tab or window.
Reload
to refresh your session.
You signed out in another tab or window.
Reload
to refresh your session.
You switched accounts on another tab or window.
Reload
to refresh your session.
Dismiss alert
{{ message }}
graphite-project
/
graphite-web
Public
Notifications
You must be signed in to change notification settings
Fork
1.3k
Star
6k
Code
Issues
24
Pull requests
8
Discussions
Actions
Projects
0
Security
Uh oh!
There was an error while loading.
Please reload this page
.
Insights
Additional navigation options
Code
Issues
Pull requests
Discussions
Actions
Projects
Security
Insights
[BUG] [XBOW-025-006] Stored Open Redirect via URL Shortener in Graphite 1.1.10
#2872 ·
xbow-security
opened
on Jan 24, 2025
1
[BUG] [XBOW-025-004] Open Redirect Vulnerality in Graphite Account Logout Function
#2871 ·
xbow-security
opened
on Jan 24, 2025
3
[BUG] [XBOW-025-008] Reflected Cross-Site Scripting (XSS) Vulnerability in Graphite 1.1.10 via /metrics/find endpoint
#2870 ·
xbow-security
opened
on Jan 24, 2025
4
Issues
Search Issues
is
:
issue
state
:
open
is:issue state:open
Search
Labels
Milestones
New issue
Search results
Open
Closed
[BUG] Single quotes in graphite dashboard are automatically replaced with double quotes, escaping doesn't work. Affects applyByNode() function.
bug
pinned
Status: Open.
#2885
In graphite-project/graphite-web;
·
dimonoid
opened
on May 21, 2025
[BUG] [XBOW-025-006] Stored Open Redirect via URL Shortener in Graphite 1.1.10
bug
pinned
Status: Open.
#2872
In graphite-project/graphite-web;
·
xbow-security
opened
on Jan 24, 2025
[BUG] [XBOW-025-004] Open Redirect Vulnerality in Graphite Account Logout Function
bug
pinned
Status: Open.
#2871
In graphite-project/graphite-web;
·
xbow-security
opened
on Jan 24, 2025
[BUG] [XBOW-025-008] Reflected Cross-Site Scripting (XSS) Vulnerability in Graphite 1.1.10 via /metrics/find endpoint
bug
pinned
Status: Open.
#2870
In graphite-project/graphite-web;
·
xbow-security
opened
on Jan 24, 2025
installation uses 'local' under /opt/graphite /opt/graphite/local
pinned
Status: Open.
#2828
In graphite-project/graphite-web;
·
tcas-na
opened
on Nov 23, 2023
[BUG] [XSS] Multiple reflected cross-site scripting vulnarabilites in Graphite composer mygraph parameters(action and graphName).
bug
pinned
security
Security issue
Security issue
xss
Status: Open.
#2794
In graphite-project/graphite-web;
·
0x566164696D
opened
on Jan 20, 2023
[BUG] FAQ states python 2 is used
bug
pinned
Status: Open.
#2789
In graphite-project/graphite-web;
·
mutax
opened
on Nov 28, 2022
[BUG] Reflected XSS
bug
pinned
security
Security issue
Security issue
xss
Status: Open.
#2779
In graphite-project/graphite-web;
·
discodamone
opened
on Sep 21, 2022
[BUG] Self-XSS in "Absolute Time Range"
bug
pinned
security
Security issue
Security issue
xss
Status: Open.
#2746
In graphite-project/graphite-web;
·
takyoni
opened
on Apr 13, 2022
[BUG] Stored XSS in template name
bug
pinned
security
Security issue
Security issue
xss
Status: Open.
#2745
In graphite-project/graphite-web;
·
takyoni
opened
on Apr 13, 2022
[BUG] Stored XSS in cookie
bug
pinned
security
Security issue
Security issue
xss
Status: Open.
#2744
In graphite-project/graphite-web;
·
takyoni
opened
on Apr 13, 2022
Next release - 1.1.9 and 1.2.0
enhancement
pinned
Status: Open.
#2738
In graphite-project/graphite-web;
·
deniszh
opened
on Mar 6, 2022
You can’t perform that action at this time.