GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
502 advisories

@urql/next Cross-site Scripting vulnerability
High • CVE-2024-24556 was published for @urql/next (npm) • Jan 30, 2024

react-query-streamed-hydration Cross-site Scripting vulnerability
High • CVE-2024-24558 was published for @tanstack/react-query-next-experimental (npm) • Jan 30, 2024

Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE
Moderate • GHSA-gjhc-6xm7-mc8q was published for tinymce (npm) • Jan 3, 2024 • withdrawn

Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE plugins
Moderate • GHSA-wxj2-777f-vxmf was published for tinymce (npm) • Jan 3, 2024 • withdrawn

Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE
Moderate • GHSA-q5pp-5q2h-g8rv was published for tinymce (npm) • Jan 3, 2024 • withdrawn

Layui cross-site scripting (XSS) vulnerability
Moderate • CVE-2023-50550 was published for layui (npm) • Dec 30, 2023

Cross-site Scripting in @spscommerce/ds-react
Critical • GHSA-cfxh-frx4-9gjg was published for @spscommerce/ds-react (npm) • Dec 15, 2023

Cross Site Scripting in evershop
Moderate • CVE-2023-46494 was published for @evershop/evershop (npm) • Dec 8, 2023

Cross-site Scripting in evershop
Moderate • CVE-2023-46499 was published for @evershop/evershop (npm) • Dec 8, 2023

Cross-site Scripting in evershop
Moderate • CVE-2023-46495 was published for @evershop/evershop (npm) • Dec 8, 2023

Vite XSS vulnerability in `server.transformIndexHtml` via URL payload
Moderate • CVE-2023-49293 was published for vite (npm) • Dec 5, 2023

Attribute Injection leading to XSS(Cross-Site-Scripting)
Moderate • CVE-2023-49276 was published for uptime-kuma (npm) • Nov 24, 2023

Duplicate Advisory: CKEditor Cross-site Scripting vulnerability
Moderate • GHSA-hxjc-9j8v-v9pr was published for ckeditor4 (npm) • Nov 16, 2023 • withdrawn

TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Moderate • CVE-2023-48219 was published for TinyMCE (Composer) • Nov 15, 2023

Cross-site Scripting in cesium
Moderate • CVE-2023-48094 was published for cesium (npm) • Nov 14, 2023 • withdrawn

Bootbox.js Cross Site Scripting vulnerability
Moderate • CVE-2023-46998 was published for bootbox (npm) • Nov 14, 2023

NASA Open MCT Cross Site Scripting vulnerability
Moderate • CVE-2023-45885 was published for openmct (npm) • Nov 9, 2023

TinyMCE XSS vulnerability in notificationManager.open API
Moderate • CVE-2023-45819 was published for TinyMCE (Composer) • Oct 19, 2023

TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Moderate • CVE-2023-45818 was published for TinyMCE (Composer) • Oct 19, 2023

quill-mention Cross-site Scripting vulnerability
Moderate • CVE-2023-26149 was published for quill-mention (npm) • Sep 28, 2023

Jodit Editor vulnerable to cross-site scripting
Moderate • CVE-2023-42399 was published for jodit (npm) • Sep 19, 2023

Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client
High • CVE-2023-41049 was published for @dcl/single-sign-on-client (npm) • Sep 4, 2023

@webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text content
Moderate • CVE-2023-41167 was published for @webiny/react-rich-text-renderer (npm) • Aug 24, 2023

@excalidraw/excalidraw Cross-site Scripting vulnerability
Moderate • CVE-2023-26140 was published for @excalidraw/excalidraw (npm) • Aug 16, 2023

ProTip! Advisories are also available from the GraphQL API.