Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,318
Maven
5,000+
npm
3,950
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

34,874 advisories

Loading
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This... Moderate Unreviewed
CVE-2023-43051 was published Feb 26, 2024
Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field Moderate
CVE-2024-26481 was published for getkirby/cms (Composer) Feb 26, 2024
PlyNatwara
Kirby vulnerable to unrestricted file upload of user avatar images Moderate
CVE-2024-26483 was published for getkirby/cms (Composer) Feb 26, 2024
PlyNatwara
The Archivist – Custom Archive Templates plugin for WordPress is vulnerable to Reflected Cross... Moderate Unreviewed
CVE-2024-1810 was published Feb 24, 2024
Cross-site Scripting in MLFlow Critical
CVE-2024-27132 was published for mlflow (pip) Feb 24, 2024
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution Critical
CVE-2024-27133 was published for mlflow (pip) Feb 24, 2024
oscerd gabby202308
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been... Moderate Unreviewed
CVE-2024-1834 was published Feb 23, 2024
A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System... Low Unreviewed
CVE-2024-1822 was published Feb 23, 2024
A vulnerability, which was classified as problematic, was found in CodeAstro House Rental... Moderate Unreviewed
CVE-2024-1825 was published Feb 23, 2024
Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without... Moderate Unreviewed
CVE-2024-22776 was published Feb 23, 2024
The SocialDriver WordPress theme before version 2024 has a prototype pollution vulnerability that... Moderate Unreviewed
CVE-2023-4826 was published Feb 23, 2024
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-1590 was published Feb 23, 2024
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config Moderate
CVE-2024-26152 was published for label-studio (pip) Feb 22, 2024
isacaya
Potentially untrusted input is rendered as HTML in final output High
CVE-2024-26151 was published for mjml (pip) Feb 22, 2024
sh-at-cs
A vulnerability, which was classified as problematic, has been found in Bdtask Bhojon Best... Low Unreviewed
CVE-2024-1749 was published Feb 22, 2024
A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2allows attackers to run... Moderate Unreviewed
CVE-2024-25369 was published Feb 22, 2024
WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS). Moderate Unreviewed
CVE-2024-22547 was published Feb 22, 2024
baserCMS Cross-site Scripting vulnerability in Site search Feature Moderate
CVE-2023-44379 was published for baserproject/basercms (Composer) Feb 22, 2024
baserCMS Cross-site Scripting vulnerability in Content Management Moderate
CVE-2024-26128 was published for baserproject/basercms (Composer) Feb 22, 2024
Enhavo Cross-site Scripting vulnerability Moderate
CVE-2024-25876 was published for enhavo/enhavo-app (Composer) Feb 22, 2024
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed... Moderate Unreviewed
CVE-2024-26281 was published Feb 22, 2024
Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS... Moderate Unreviewed
CVE-2024-26284 was published Feb 22, 2024
Enhavo Cross-site Scripting vulnerability Moderate
CVE-2024-25875 was published for enhavo/enhavo-app (Composer) Feb 22, 2024
Enhavo Cross-site Scripting vulnerability Moderate
CVE-2024-25874 was published for enhavo/enhavo-app (Composer) Feb 22, 2024
Apache Answer Cross-site Scripting vulnerability Moderate
CVE-2024-23349 was published for github.com/apache/incubator-answer (Go) Feb 22, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database