Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,951
Erlang
39
GitHub Actions
38
Go
2,607
Maven
5,000+
npm
4,251
NuGet
757
pip
4,017
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,582 advisories

Loading
rails-html-sanitize has XSS vulnerability with certain configurations Low
CVE-2024-53985 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
deno_doc's HTML generator vulnerable to Cross-site Scripting Low
CVE-2024-32468 was published for deno_doc (Rust) Nov 25, 2024
NeKzor
Credited to NeKzor
@sveltejs/kit vulnerable to XSS on dev mode 404 page Low
CVE-2024-53261 was published for @sveltejs/kit (npm) Nov 25, 2024
benmccann teemingc
RDIL
Credited to benmccann, teemingc, and RDIL
@sveltejs/kit has unescaped error message included on error page Low
CVE-2024-53262 was published for @sveltejs/kit (npm) Nov 25, 2024
dominikg teemingc
benmccann
Credited to dominikg, teemingc, and benmccann
The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings... Low Unreviewed
CVE-2024-10710 was published Nov 25, 2024
Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a... Low Unreviewed
CVE-2024-51337 was published Nov 21, 2024
In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a... Low Unreviewed
CVE-2024-10515 was published Nov 20, 2024
A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows... Low Unreviewed
CVE-2022-1226 was published Nov 15, 2024
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a... Low Unreviewed
CVE-2024-45099 was published Nov 14, 2024
Moodle Cross-site Scripting vulnerability Low
CVE-2024-43437 was published for moodle/moodle (Composer) Nov 11, 2024
LocalAI Cross-site Scripting vulnerability Low
CVE-2024-48057 was published for github.com/mudler/LocalAI (Go) Nov 5, 2024
Duplicate Advisory: Umbraco CMS Cross-site Scripting vulnerability Low
GHSA-4gmq-m9vp-jrwg was published for Umbraco.Cms.Core (NuGet) Nov 4, 2024 withdrawn
AndyButland
Credited to AndyButland
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2024-5532 was published Oct 28, 2024
Funadmin Cross-site Scripting vulnerability Low
CVE-2024-48228 was published for funadmin/funadmin (Composer) Oct 26, 2024
There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker... Low Unreviewed
CVE-2024-47486 was published Oct 18, 2024
Admidio Vulnerable to HTML Injection In The Messages Section Low
CVE-2024-47836 was published for admidio/admidio (Composer) Oct 16, 2024
Kakashi1234
Credited to Kakashi1234
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings Low Unreviewed
CVE-2024-47950 was published Oct 8, 2024
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings Low Unreviewed
CVE-2024-47951 was published Oct 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2024-43687 was published Oct 4, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2024-43686 was published Oct 4, 2024
Duplicate Advisory: Contao allows admin an account to upload SVG file containing malicious JavaScript Low
CVE-2024-45965 was published for contao/contao (Composer) Oct 2, 2024 withdrawn
zoglo
Credited to zoglo
Zenario allows authenticated admin users to upload PDF files containing malicious code Low
CVE-2024-45960 was published for tribalsystems/zenario (Composer) Oct 2, 2024
October allows an admin account to upload PDF containing malicious JavaScript Low
CVE-2024-45962 was published for october/october (Composer) Oct 2, 2024
Zenario Cross Site Scripting in the Image library Low
CVE-2024-45964 was published for tribalsystems/zenario (Composer) Oct 2, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload Low
CVE-2024-47528 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
Credited to minhnq1618
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database