GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
278 advisories
Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts.
Critical | Unreviewed | CVE-2024-23997 was published Jul 5, 2024

goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via...
Critical | Unreviewed | CVE-2024-23998 was published Jul 5, 2024

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated...
Critical | Unreviewed | CVE-2024-31401 was published Jun 11, 2024

A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers...
Critical | Unreviewed | CVE-2024-31650 was published Apr 15, 2024

Jupyter Server Proxy has a reflected XSS issue in host parameter
Critical | CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024

Cross-site scripting on application summary component
Critical | CVE-2024-28175 was published for github.com/argoproj/argo-cd (Go) Mar 15, 2024

Mautic is vulnerable to XSS vulnerability
Critical | CVE-2020-35125 was published for mautic/core (Composer) May 15, 2024

PrestaShop cross-site scripting via customer contact form in FO, through file upload
Critical | CVE-2024-34716 was published for prestashop/prestashop (Composer) May 14, 2024

Blind XSS Leading to Froxlor Application Compromise
Critical | CVE-2024-34070 was published for froxlor/froxlor (Composer) May 10, 2024

Mautic stored Cross-site Scripting (XSS)
Critical | CVE-2020-35129 was published for mautic/core (Composer) May 24, 2022

Dolibarr Cross-site Scripting via the qty parameter in product/fournisseurs.php
Critical | CVE-2019-19212 was published for dolibarr/dolibarr (Composer) May 24, 2022

Mautic stored Cross-site Scripting (XSS)
Critical | CVE-2020-35128 was published for mautic/core (Composer) May 24, 2022

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or...
Critical | Unreviewed | CVE-2023-0625 was published Sep 25, 2023

IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow...
Critical | Unreviewed | CVE-2023-26270 was published Aug 28, 2023

Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS).
Critical | Unreviewed | CVE-2022-37830 was published Oct 19, 2023

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application...
Critical | Unreviewed | CVE-2023-35796 was published Oct 10, 2023

The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable...
Critical | Unreviewed | CVE-2023-26218 was published Sep 29, 2023

Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious...
Critical | Unreviewed | CVE-2023-0829 was published Sep 20, 2023

A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated...
Critical | Unreviewed | CVE-2023-39612 was published Sep 16, 2023

DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows,...
Critical | Unreviewed | CVE-2023-2318 was published Aug 19, 2023

DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted...
Critical | Unreviewed | CVE-2023-2317 was published Aug 19, 2023

Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow...
Critical | Unreviewed | CVE-2023-27515 was published Aug 11, 2023

Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3...
Critical | Unreviewed | CVE-2022-29887 was published Aug 11, 2023

/ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS.
Critical | Unreviewed | CVE-2023-39007 was published Aug 9, 2023

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD...
Critical | Unreviewed | CVE-2023-3526 was published Aug 8, 2023
ProTip! Advisories are also available from the GraphQL API.