GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

312 advisories

Cross-site Scripting in djangorestframework Moderate
CVE-2024-21520 was published for djangorestframework (pip) Jun 26, 2024
Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components Moderate
GHSA-hjx6-f647-mvf9 was published for invenio-communities (pip) Jun 12, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
Cross site scripting in zenml Low
CVE-2024-2171 was published for zenml (pip) Jun 6, 2024
Arbitrary JavaScript execution due to using outdated libraries Low
GHSA-4m3g-6r7g-jv4f was published for gradio_pdf (pip) Jun 5, 2024
isacaya
ydata cross-site scripting High
CVE-2024-37063 was published for ydata-profiling (pip) Jun 4, 2024
ansibleguy-webui Cross-site Scripting vulnerability High
CVE-2024-36110 was published for ansibleguy-webui (pip) May 28, 2024
ntrampham ansibleguy
Apache Airflow: XSS vulnerability in Task Instance Log/Log Details Moderate
CVE-2024-32077 was published for apache-airflow (pip) May 14, 2024
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter Moderate
CVE-2024-34064 was published for Jinja2 (pip) May 6, 2024
Ry0taK
changedetection.io Cross-site Scripting vulnerability Moderate
CVE-2024-34061 was published for changedetection.io (pip) May 3, 2024
Nguyen-Trung-Kien
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload High
CVE-2024-4216 was published for pgAdmin4 (pip) May 2, 2024
nautobot has reflected Cross-site Scripting potential in all object list views High
CVE-2024-32979 was published for nautobot (pip) May 1, 2024
michaelpanorios
aiohttp Cross-site Scripting vulnerability on index pages for static file handling Moderate
CVE-2024-27306 was published for aiohttp (pip) Apr 18, 2024
arkark
Cross-site Scripting (XSS) in mindsdb/mindsdb Moderate
CVE-2024-3575 was published for mindsdb (pip) Apr 16, 2024
Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page High
CVE-2024-30248 was published for piccolo-admin (pip) Apr 1, 2024
Skelmis
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing High
CVE-2024-28233 was published for jupyterhub (pip) Mar 28, 2024
Th0h0
XSS via the "Snapshot Test" feature in Classic Webcam plugin settings Moderate
CVE-2024-28237 was published for OctoPrint (pip) Mar 18, 2024
jacopotediosi
Whoogle Search Cross-site Scripting vulnerability Moderate
CVE-2024-22417 was published for whoogle-search (pip) Mar 14, 2024
Django MarkdownX Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-2319 was published for django-markdownx (pip) Mar 8, 2024
esphome vulnerable to stored Cross-site Scripting in edit configuration file API Moderate
CVE-2024-27287 was published for esphome (pip) Mar 6, 2024
Docassemble HTML and javascript injection Moderate
CVE-2024-27290 was published for docassemble.webapp (pip) Feb 29, 2024
richighimi
Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS) Moderate
CVE-2024-27083 was published for Flask-AppBuilder (pip) Feb 28, 2024
chor4o dpgaspar
Cross-site Scripting in MLFlow High
CVE-2024-27132 was published for mlflow (pip) Feb 24, 2024
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution High
CVE-2024-27133 was published for mlflow (pip) Feb 24, 2024
oscerd