Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

278 advisories

Loading
Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts. Critical Unreviewed
CVE-2024-23997 was published Jul 5, 2024
goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via... Critical Unreviewed
CVE-2024-23998 was published Jul 5, 2024
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated... Critical Unreviewed
CVE-2024-31401 was published Jun 11, 2024
A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers... Critical Unreviewed
CVE-2024-31650 was published Apr 15, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
Cross-site scripting on application summary component Critical
CVE-2024-28175 was published for github.com/argoproj/argo-cd (Go) Mar 15, 2024
Ry0taK agaudreault
crenshaw-dev
Mautic is vulnerable to XSS vulnerability Critical
CVE-2020-35125 was published for mautic/core (Composer) May 15, 2024
nvn1729
PrestaShop cross-site scripting via customer contact form in FO, through file upload Critical
CVE-2024-34716 was published for prestashop/prestashop (Composer) May 14, 2024
matthieu-rolland aelmokhtar
Blind XSS Leading to Froxlor Application Compromise Critical
CVE-2024-34070 was published for froxlor/froxlor (Composer) May 10, 2024
UmerAdeemCheema
Mautic stored Cross-site Scripting (XSS) Critical
CVE-2020-35129 was published for mautic/core (Composer) May 24, 2022
Dolibarr Cross-site Scripting via the qty parameter in product/fournisseurs.php Critical
CVE-2019-19212 was published for dolibarr/dolibarr (Composer) May 24, 2022
Mautic stored Cross-site Scripting (XSS) Critical
CVE-2020-35128 was published for mautic/core (Composer) May 24, 2022
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or... Critical Unreviewed
CVE-2023-0625 was published Sep 25, 2023
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow... Critical Unreviewed
CVE-2023-26270 was published Aug 28, 2023
Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS). Critical Unreviewed
CVE-2022-37830 was published Oct 19, 2023
A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application... Critical Unreviewed
CVE-2023-35796 was published Oct 10, 2023
The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable... Critical Unreviewed
CVE-2023-26218 was published Sep 29, 2023
Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious... Critical Unreviewed
CVE-2023-0829 was published Sep 20, 2023
A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated... Critical Unreviewed
CVE-2023-39612 was published Sep 16, 2023
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows,... Critical Unreviewed
CVE-2023-2318 was published Aug 19, 2023
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted... Critical Unreviewed
CVE-2023-2317 was published Aug 19, 2023
Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow... Critical Unreviewed
CVE-2023-27515 was published Aug 11, 2023
Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3... Critical Unreviewed
CVE-2022-29887 was published Aug 11, 2023
/ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS. Critical Unreviewed
CVE-2023-39007 was published Aug 9, 2023
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD... Critical Unreviewed
CVE-2023-3526 was published Aug 8, 2023
ProTip! Advisories are also available from the GraphQL API