GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,747
Erlang: 35
GitHub Actions: 29
Go: 2,321
Maven: 5,000+
npm: 3,955
NuGet: 712
pip: 3,736
Pub: 12
RubyGems: 921
Rust: 972
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
34,938 advisories
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform...
Low | Unreviewed | CVE-2023-37530 was published Feb 29, 2024
Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload...
Moderate | Unreviewed | CVE-2022-36677 was published Feb 29, 2024
A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Management System in PHP v.1.0...
Moderate | Unreviewed | CVE-2024-25868 was published Feb 29, 2024
ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious...
Moderate | Unreviewed | CVE-2024-21798 was published Feb 29, 2024
Cross Site Scripting vulnerability in Piwigo before v.14.2.0 allows a remote attacker to escalate...
Moderate | Unreviewed | CVE-2024-26450 was published Feb 29, 2024
A vulnerability was found in SourceCodester Online Job Portal 1.0 and classified as problematic....
Moderate | Unreviewed | CVE-2024-1972 was published Feb 29, 2024
A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to...
Moderate | Unreviewed | CVE-2024-25435 was published Feb 28, 2024
RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the...
Moderate | Unreviewed | CVE-2023-52048 was published Feb 28, 2024
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Moderate | CVE-2024-27285 was published for yard (RubyGems) Feb 28, 2024
Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
Moderate | CVE-2024-27083 was published for Flask-AppBuilder (pip) Feb 28, 2024
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross...
Moderate | Unreviewed | CVE-2024-1808 was published Feb 28, 2024
Potential Cross-Site Scripting (XSS) in the page editing area.
High | Unreviewed | CVE-2024-1636 was published Feb 28, 2024
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability...
Moderate | Unreviewed | CVE-2023-50303 was published Feb 28, 2024
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an...
Moderate | Unreviewed | CVE-2024-26299 was published Feb 28, 2024
A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated...
Moderate | Unreviewed | CVE-2024-26300 was published Feb 28, 2024
Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7...
Moderate | Unreviewed | CVE-2024-26542 was published Feb 28, 2024
Magento LTS vulnerable to stored XSS in admin file form
Moderate | GHSA-gp6m-fq6h-cjcx was published for openmage/magento-lts (Composer) Feb 27, 2024
Rails has possible XSS Vulnerability in Action Controller
Moderate | CVE-2024-26143 was published for actionpack (RubyGems) Feb 27, 2024
In the module "So Flexibilite" (soflexibilite) from Common-Services for PrestaShop < 4.1.26, a...
Moderate | Unreviewed | CVE-2024-25841 was published Feb 27, 2024
Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected...
Moderate | Unreviewed | CVE-2023-48682 was published Feb 27, 2024
Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following...
Low | Unreviewed | CVE-2023-48681 was published Feb 27, 2024
A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as...
Moderate | Unreviewed | CVE-2024-1922 was published Feb 27, 2024
Subrion CMS vulnerable to Cross Site Scripting
Moderate | CVE-2024-25399 was published for intelliants/subrion (Composer) Feb 27, 2024
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage....
Low | Unreviewed | CVE-2023-48679 was published Feb 27, 2024
A vulnerability classified as problematic was found in SourceCodester Online Job Portal 1.0. This...
Moderate | Unreviewed | CVE-2024-1919 was published Feb 27, 2024
ProTip! Advisories are also available from the GraphQL API.