Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

63 advisories

Loading
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements Moderate
CVE-2024-38357 was published for TinyMCE (Composer) Jun 19, 2024
Malav-MK
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option Moderate
CVE-2024-38356 was published for TinyMCE (Composer) Jun 19, 2024
Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality Moderate
CVE-2024-35240 was published for Umbraco.Commerce (NuGet) May 28, 2024
RaphaelCSSilva
Umbraco Forms components vulnerable to Stored Cross-site Scripting Low
CVE-2024-35239 was published for Umbraco.Forms (NuGet) May 28, 2024
RaphaelCSSilva
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane Moderate
CVE-2024-35218 was published for UmbracoCms.Core (NuGet) May 21, 2024
Duplicate Advisory: jQuery Cross Site Scripting vulnerability Moderate
CVE-2020-23064 was published for jQuery (RubyGems) Jun 26, 2023 withdrawn
eoftedal
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11023 was published for jQuery (RubyGems) Apr 29, 2020
masatokinugawa klaudialax
XSS in jQuery as used in Drupal, Backdrop CMS, and other products Moderate
CVE-2019-11358 was published for django (RubyGems) Apr 26, 2019
klaudialax eoftedal
DOM-XSS on Backoffice login screen. Moderate
CVE-2023-48313 was published for Umbraco.CMS (NuGet) Dec 13, 2023
RaphaelCSSilva
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes Moderate
CVE-2024-29203 was published for TinyMCE (Composer) Mar 26, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements Moderate
CVE-2024-29881 was published for TinyMCE (Composer) Mar 26, 2024
Cross-site Scripting in Serenity Moderate
CVE-2024-26318 was published for @serenity-is/corelib (npm) Feb 19, 2024
Mono ASP.NET View State Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2010-1459 was published for mono (NuGet) May 2, 2022
Possible injection of HTML into user invite mails Low
CVE-2023-38694 was published for Umbraco.CMS (NuGet) Dec 13, 2023
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2024-21908 was published for TinyMCE (Composer) Oct 22, 2021
Cross-site scripting vulnerability in TinyMCE plugins Moderate
CVE-2024-21910 was published for TinyMCE (Composer) Nov 2, 2021
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2024-21911 was published for TinyMCE (Composer) Jan 6, 2021
emilwareus
OWASP.AntiSamy mXSS when preserving comments Moderate
CVE-2023-51652 was published for OWASP.AntiSamy (NuGet) Jan 2, 2024
leeN spassarop
Stored XSS via SVG File Upload Low
CVE-2023-49279 was published for Umbraco.CMS (NuGet) Dec 13, 2023
S3ntago
Ajax Pro Cross-site Scripting Moderate
CVE-2023-49289 was published for AjaxNetProfessional (NuGet) Dec 5, 2023
Bootstrap Vulnerable to Cross-Site Scripting Moderate
CVE-2019-8331 was published for Bootstrap.Less (RubyGems) Feb 22, 2019
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes Moderate
CVE-2023-48219 was published for TinyMCE (Composer) Nov 15, 2023
masatokinugawa
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin Moderate
CVE-2023-45818 was published for TinyMCE (Composer) Oct 19, 2023
masatokinugawa
SSCMS vulnerable to Cross Site Scripting Moderate
CVE-2023-2862 was published for SSCMS (NuGet) May 24, 2023
jquery-ui Tooltip widget vulnerable to XSS Moderate
CVE-2012-6662 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API