GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
32 advisories
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
High · Unreviewed · CVE-2024-44061 was published Oct 20, 2024

The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due...
High · Unreviewed · CVE-2024-8981 was published Oct 1, 2024

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE...
High · Unreviewed · CVE-2024-2010 was published Sep 12, 2024

Sentry vulnerable to stored Cross-Site Scripting (XSS)
High · CVE-2024-41656 was published for sentry (pip) Jul 23, 2024

A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in...
High · Unreviewed · CVE-2024-32484 was published Jul 22, 2024

ghtml Cross-Site Scripting (XSS) vulnerability
High · CVE-2024-37166 was published for ghtml (npm) Jun 10, 2024

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7...
High · Unreviewed · CVE-2024-34507 was published May 5, 2024

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar...
High · Unreviewed · CVE-2024-4439 was published May 3, 2024

Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers...
High · Unreviewed · CVE-2024-33423 was published May 1, 2024

A stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module...
High · Unreviewed · CVE-2024-33831 was published Apr 30, 2024

Dolibarr Application Home Page has HTML injection vulnerability
High · CVE-2024-23817 was published for dolibarr/dolibarr (Composer) Apr 18, 2024

Mautic vulnerable to stored cross-site scripting in description field
High · CVE-2021-27915 was published for mautic/core (Composer) Apr 11, 2024

An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker...
High · Unreviewed · CVE-2023-40290 was published Mar 27, 2024

Withdrawn Advisory: Kirby CMS HTML injection vulnerability
High · CVE-2024-26482 was published for getkirby/cms (Composer) Feb 22, 2024 • withdrawn

XSS sidekiq-unique-jobs UI server vulnerability
High · CVE-2024-25122 was published for sidekiq-unique-jobs (RubyGems) Feb 13, 2024

Rancher API Server Cross-site Scripting Vulnerability
High · CVE-2023-32192 was published for github.com/rancher/apiserver (Go) Feb 8, 2024

Norman API Cross-site Scripting Vulnerability
High · CVE-2023-32193 was published for github.com/rancher/norman (Go) Feb 8, 2024

Statamic CMS vulnerable to account takeover via XSS and password reset link
High · CVE-2024-24570 was published for statamic/cms (Composer) Feb 1, 2024

@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability
High · CVE-2024-23841 was published for @apollo/experimental-nextjs-app-support (npm) Jan 30, 2024

Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to...
High · Unreviewed · CVE-2023-39217 was published Aug 8, 2023

XWiki Platform vulnerable to reflected cross-site scripting via delattachment action
High · CVE-2023-35157 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 22, 2023

org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting
High · CVE-2023-29508 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) Apr 12, 2023

XBlock vulnerable to Cross-Site Scripting (XSS)
High · CVE-2022-46147 was published for xblock-drag-and-drop-v2 (pip) Dec 2, 2022

XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
High · CVE-2022-36096 was published for org.xwiki.platform:xwiki-platform-index-ui (Maven) Sep 16, 2022

XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form
High · CVE-2022-36097 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) Sep 16, 2022

ProTip! Advisories are also available from the GraphQL API