Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,221 advisories

Loading
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-44009 was published Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-44007 was published Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-43970 was published Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-44060 was published Sep 16, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-45459 was published Sep 16, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-44053 was published Sep 16, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-45458 was published Sep 16, 2024
An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site... High Unreviewed
CVE-2024-39926 was published Sep 13, 2024
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls... High Unreviewed
CVE-2024-8696 was published Sep 12, 2024
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability High Unreviewed
CVE-2024-43476 was published Sep 10, 2024
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped High
CVE-2024-45592 was published for damienharper/auditor-bundle (Composer) Sep 10, 2024
fkropfhamer
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting... High Unreviewed
CVE-2024-1596 was published Sep 7, 2024
HTML injection in JupyterLite leading to DOM Clobbering High
GHSA-gj55-2xf9-67rq was published for jupyterlite-core (pip) Sep 6, 2024
ishmeals jackfromeast
A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If... High Unreviewed
CVE-2024-38640 was published Sep 6, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited... High Unreviewed
CVE-2024-32762 was published Sep 6, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating... High Unreviewed
CVE-2024-21897 was published Sep 6, 2024
Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full... High Unreviewed
CVE-2024-44728 was published Sep 5, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2024-2166 was published Sep 5, 2024
An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation... High Unreviewed
CVE-2024-7654 was published Sep 3, 2024
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer Release on... High Unreviewed
CVE-2024-7932 was published Sep 2, 2024
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer Release on... High Unreviewed
CVE-2024-7939 was published Sep 2, 2024
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release... High Unreviewed
CVE-2024-7938 was published Sep 2, 2024
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry... High Unreviewed
CVE-2024-8004 was published Sep 2, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-43921 was published Aug 29, 2024
A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of... High Unreviewed
CVE-2024-44778 was published Aug 29, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database