GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
312 advisories
Cross-site Scripting in djangorestframework (Moderate)
CVE-2024-21520 was published for djangorestframework (pip) on Jun 26, 2024

Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components (Moderate)
GHSA-hjx6-f647-mvf9 was published for invenio-communities (pip) on Jun 12, 2024

Jupyter Server Proxy has a reflected XSS issue in host parameter (Critical)
CVE-2024-35225 was published for jupyter-server-proxy (pip) on Jun 11, 2024

Arbitrary JavaScript execution due to using outdated libraries (Low)
GHSA-4m3g-6r7g-jv4f was published for gradio_pdf (pip) on Jun 5, 2024

ansibleguy-webui Cross-site Scripting vulnerability (High)
CVE-2024-36110 was published for ansibleguy-webui (pip) on May 28, 2024

Apache Airflow: XSS vulnerability in Task Instance Log/Log Details (Moderate)
CVE-2024-32077 was published for apache-airflow (pip) on May 14, 2024

Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages (High)
CVE-2024-34707 was published for nautobot (pip) on May 13, 2024

Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter (Moderate)
CVE-2024-34064 was published for Jinja2 (pip) on May 6, 2024

changedetection.io Cross-site Scripting vulnerability (Moderate)
CVE-2024-34061 was published for changedetection.io (pip) on May 3, 2024

pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload (High)
CVE-2024-4216 was published for pgAdmin4 (pip) on May 2, 2024

nautobot has reflected Cross-site Scripting potential in all object list views (High)
CVE-2024-32979 was published for nautobot (pip) on May 1, 2024

aiohttp Cross-site Scripting vulnerability on index pages for static file handling (Moderate)
CVE-2024-27306 was published for aiohttp (pip) on Apr 18, 2024

Cross-site Scripting (XSS) in mindsdb/mindsdb (Moderate)
CVE-2024-3575 was published for mindsdb (pip) on Apr 16, 2024

Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page (High)
CVE-2024-30248 was published for piccolo-admin (pip) on Apr 1, 2024

Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing (High)
CVE-2024-28233 was published for jupyterhub (pip) on Mar 28, 2024

XSS via the "Snapshot Test" feature in Classic Webcam plugin settings (Moderate)
CVE-2024-28237 was published for OctoPrint (pip) on Mar 18, 2024

Whoogle Search Cross-site Scripting vulnerability (Moderate)
CVE-2024-22417 was published for whoogle-search (pip) on Mar 14, 2024

Django MarkdownX Cross-Site Scripting (XSS) vulnerability (Moderate)
CVE-2024-2319 was published for django-markdownx (pip) on Mar 8, 2024

esphome vulnerable to stored Cross-site Scripting in edit configuration file API (Moderate)
CVE-2024-27287 was published for esphome (pip) on Mar 6, 2024

Docassemble HTML and javascript injection (Moderate)
CVE-2024-27290 was published for docassemble.webapp (pip) on Feb 29, 2024

Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS) (Moderate)
CVE-2024-27083 was published for Flask-AppBuilder (pip) on Feb 28, 2024

MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution (High)
CVE-2024-27133 was published for mlflow (pip) on Feb 24, 2024
ProTip! Advisories are also available from the GraphQL API.