GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
502 advisories
Filter by severity
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Moderate
CVE-2024-38357
was published
for
TinyMCE
(Composer)
Jun 19, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Moderate
CVE-2024-38356
was published
for
TinyMCE
(Composer)
Jun 19, 2024
Cross-site Scripting in ZenUML
Moderate
CVE-2024-38527
was published
for
@zenuml/core
(npm)
Jun 26, 2024
Cross site scripting in datatables.net
Moderate
CVE-2021-23445
was published
for
datatables.net
(npm)
Sep 29, 2021
SummerNote Cross Site Scripting Vulnerability
Moderate
CVE-2024-37629
was published
for
summernote
(npm)
Jun 12, 2024
ghtml Cross-Site Scripting (XSS) vulnerability
High
CVE-2024-37166
was published
for
ghtml
(npm)
Jun 10, 2024
Trix Editor Arbitrary Code Execution Vulnerability
Moderate
CVE-2024-34341
was published
for
actiontext
(RubyGems)
May 7, 2024
vxe-table Cross-site Scripting vulnerability
Low
CVE-2023-1001
was published
for
vxe-table
(npm)
May 24, 2024
Duplicate Advisory: jQuery Cross Site Scripting vulnerability
Moderate
CVE-2020-23064
was published
for
jQuery
(RubyGems)
Jun 26, 2023
•
withdrawn
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11023
was published
for
jQuery
(RubyGems)
Apr 29, 2020
Konga is vulnerable to Cross Site Scripting (XSS) attacks
Moderate
CVE-2024-34243
was published
for
kongadmin
(npm)
May 14, 2024
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
High
CVE-2023-49781
was published
for
nocodb
(npm)
May 13, 2024
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js
High
CVE-2024-34342
was published
for
react-pdf
(npm)
May 7, 2024
Vditor allows Cross-site Scripting via an attribute of an `A` element
Moderate
CVE-2024-34449
was published
for
vditor
(npm)
May 3, 2024
statics-server Cross-site Scripting vulnerability
Moderate
CVE-2018-3771
was published
for
statics-server
(npm)
May 13, 2022
MediaElement Vulnerable to Reflected XSS
Moderate
CVE-2016-4567
was published
for
contao-components/mediaelement
(Composer)
May 17, 2022
Joplin Cross Site Scripting Vulnerability via NOSCRIPT tags
Moderate
CVE-2021-33295
was published
for
joplin
(npm)
Jun 17, 2022
Joplin Vulnerable to Cross-site Scripting in Note Content
Moderate
CVE-2018-1000534
was published
for
joplin
(npm)
May 14, 2022
Joplin vulnerable to Cross-site Scripting in notes
Moderate
CVE-2021-37916
was published
for
joplin
(npm)
May 24, 2022
GitBook allows Cross-site Scripting via a local .md file.
Moderate
CVE-2019-19596
was published
for
gitbook
(npm)
May 24, 2022
Shiba vulnerable to XSS leading to code execution
Moderate
CVE-2017-1000491
was published
for
shiba
(npm)
May 14, 2022
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
CVE-2019-11358
was published
for
django
(RubyGems)
Apr 26, 2019
Stored Cross-site Scripting (XSS) in excalidraw's web embed component
Moderate
CVE-2024-32472
was published
for
@excalidraw/excalidraw
(npm)
Apr 17, 2024
Summernote vulnerable to cross-site scripting
Moderate
CVE-2024-29504
was published
for
summernote
(npm)
Apr 11, 2024
jQuery-Upload-File XSS in fileNameStr
Moderate
CVE-2021-37504
was published
for
jquery-file-upload
(npm)
Feb 26, 2022
ProTip!
Advisories are also available from the
GraphQL API