Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,746
Erlang
35
GitHub Actions
29
Go
2,319
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
920
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

332 advisories

Loading
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to... Critical Unreviewed
CVE-2024-40618 was published Jul 11, 2024
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version... Critical Unreviewed
CVE-2024-6035 was published Jul 11, 2024
Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts. Critical Unreviewed
CVE-2024-23997 was published Jul 5, 2024
goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via... Critical Unreviewed
CVE-2024-23998 was published Jul 5, 2024
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated... Critical Unreviewed
CVE-2024-31401 was published Jun 11, 2024
A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers... Critical Unreviewed
CVE-2024-31650 was published Apr 15, 2024
Cross-site scripting on application summary component Critical
CVE-2024-28175 was published for github.com/argoproj/argo-cd (Go) Mar 15, 2024
Ry0taK agaudreault
crenshaw-dev
Mautic is vulnerable to XSS vulnerability Critical
CVE-2020-35125 was published for mautic/core (Composer) May 15, 2024
nvn1729
PrestaShop cross-site scripting via customer contact form in FO, through file upload Critical
CVE-2024-34716 was published for prestashop/prestashop (Composer) May 14, 2024
matthieu-rolland aelmokhtar
Blind XSS Leading to Froxlor Application Compromise Critical
CVE-2024-34070 was published for froxlor/froxlor (Composer) May 10, 2024
UmerAdeemCheema
Mautic stored Cross-site Scripting (XSS) Critical
CVE-2020-35129 was published for mautic/core (Composer) May 24, 2022
Dolibarr Cross-site Scripting via the qty parameter in product/fournisseurs.php Critical
CVE-2019-19212 was published for dolibarr/dolibarr (Composer) May 24, 2022
Mautic stored Cross-site Scripting (XSS) Critical
CVE-2020-35128 was published for mautic/core (Composer) May 24, 2022
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or... Critical Unreviewed
CVE-2023-0625 was published Sep 25, 2023
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow... Critical Unreviewed
CVE-2023-26270 was published Aug 28, 2023
Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS). Critical Unreviewed
CVE-2022-37830 was published Oct 19, 2023
A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application... Critical Unreviewed
CVE-2023-35796 was published Oct 10, 2023
The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable... Critical Unreviewed
CVE-2023-26218 was published Sep 29, 2023
Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious... Critical Unreviewed
CVE-2023-0829 was published Sep 20, 2023
A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated... Critical Unreviewed
CVE-2023-39612 was published Sep 16, 2023
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows,... Critical Unreviewed
CVE-2023-2318 was published Aug 19, 2023
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted... Critical Unreviewed
CVE-2023-2317 was published Aug 19, 2023
Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow... Critical Unreviewed
CVE-2023-27515 was published Aug 11, 2023
Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3... Critical Unreviewed
CVE-2022-29887 was published Aug 11, 2023
/ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS. Critical Unreviewed
CVE-2023-39007 was published Aug 9, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database