GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
208 advisories

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote...
Critical, Unreviewed. CVE-2024-3847 was published Apr 17, 2024

A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers...
Critical, Unreviewed. CVE-2024-31650 was published Apr 15, 2024

Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary...
Critical, Unreviewed. CVE-2024-22718 was published Apr 11, 2024

SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because...
Critical, Unreviewed. CVE-2024-2692 was published Apr 4, 2024

Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0...
Critical, Unreviewed. CVE-2024-24275 was published Mar 6, 2024

Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4...
Critical, Unreviewed. CVE-2024-24276 was published Mar 6, 2024

Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute...
Critical, Unreviewed. CVE-2024-25292 was published Feb 29, 2024

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a...
Critical, Unreviewed. CVE-2024-1676 was published Feb 21, 2024

Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the...
Critical, Unreviewed. CVE-2023-50808 was published Feb 13, 2024

Cross Site Scripting vulnerability in Axigen WebMail v.10.5.7 and before allows a remote attacker...
Critical, Unreviewed. CVE-2023-48974 was published Feb 8, 2024

A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro...
Critical, Unreviewed. CVE-2024-24594 was published Feb 6, 2024

A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName...
Critical, Unreviewed. CVE-2023-48728 was published Jan 10, 2024

A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality...
Critical, Unreviewed. CVE-2023-47861 was published Jan 10, 2024

Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because...
Critical, Unreviewed. CVE-2023-50982 was published Jan 8, 2024

Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code...
Critical, Unreviewed. CVE-2023-31546 was published Dec 14, 2023

H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack.
Critical, Unreviewed. CVE-2023-6013 was published Nov 16, 2023

Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows...
Critical, Unreviewed. CVE-2023-1716 was published Nov 1, 2023

A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300...
Critical, Unreviewed. CVE-2023-1715 was published Nov 1, 2023

ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system...
Critical, Unreviewed. CVE-2023-45869 was published Oct 26, 2023

Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS).
Critical, Unreviewed. CVE-2022-37830 was published Oct 19, 2023

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application...
Critical, Unreviewed. CVE-2023-35796 was published Oct 10, 2023

The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable...
Critical, Unreviewed. CVE-2023-26218 was published Sep 29, 2023

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or...
Critical, Unreviewed. CVE-2023-0625 was published Sep 25, 2023

Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious...
Critical, Unreviewed. CVE-2023-0829 was published Sep 20, 2023

A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated...
Critical, Unreviewed. CVE-2023-39612 was published Sep 16, 2023

ProTip! Advisories are also available from the GraphQL API.