Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,338 advisories

Loading
A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as... Low Unreviewed
CVE-2024-9075 was published Sep 22, 2024
A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Affected is an... Low Unreviewed
CVE-2024-6251 was published Jun 22, 2024
A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic.... Low Unreviewed
CVE-2024-6252 was published Jun 22, 2024
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field) Low
CVE-2024-47058 was published for mautic/core (Composer) Sep 18, 2024
lenonleite escopecz
In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible Low Unreviewed
CVE-2024-46970 was published Sep 16, 2024
A vulnerability, which was classified as problematic, has been found in PHPVibe 11.0.46. This... Low Unreviewed
CVE-2024-6082 was published Jun 18, 2024
Cabot Cross Site Scripting (XSS) vulnerability via Endpoint column Low
CVE-2020-7734 was published for cabot (pip) May 24, 2022
A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited,... Low Unreviewed
CVE-2024-27125 was published Sep 6, 2024
A vulnerability classified as problematic was found in SourceCodester Service Provider Management... Low Unreviewed
CVE-2024-6267 was published Jun 23, 2024
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject... Low Unreviewed
CVE-2024-38858 was published Sep 2, 2024
Concrete CMS Stored Cross-site Scripting vulnerability Low
CVE-2024-2179 was published for concrete5/concrete5 (Composer) Mar 5, 2024
A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9... Low Unreviewed
CVE-2024-44918 was published Aug 30, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting Low
CVE-2024-7512 was published for concrete5/concrete5 (Composer) Aug 12, 2024
Withdrawn Advisory: Stored Cross-site scripting affecting automad/automad Low
CVE-2023-7035 was published for automad/automad (Composer) Dec 21, 2023 withdrawn
marcantondahmen
CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover Low
CVE-2024-43411 was published for ckeditor4 (npm) Aug 21, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2022-26328 was published Aug 21, 2024
Concrete CMS Stored Cross-site Scripting vulnerability Low
CVE-2024-4350 was published for concrete5/concrete5 (Composer) Aug 12, 2024
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page Low Unreviewed
CVE-2024-43809 was published Aug 16, 2024
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin Low Unreviewed
CVE-2024-43808 was published Aug 16, 2024
Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1... Low Unreviewed
CVE-2024-4187 was published Jul 31, 2024
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made... Low Unreviewed
CVE-2024-6692 was published Aug 12, 2024
Concrete CMS Stored XSS in getAttributeSetName Low
CVE-2024-7394 was published for concrete5/concrete5 (Composer) Aug 8, 2024
Concrete CMS Stored XSS in blocks of type file Low
CVE-2024-3180 was published for concrete5/concrete5 (Composer) Apr 3, 2024
Mattermost Cross-site Scripting vulnerability Low
CVE-2023-7113 was published for github.com/mattermost/mattermost/server/v8 (Go) Dec 29, 2023
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page Low Unreviewed
CVE-2024-41826 was published Jul 22, 2024
ProTip! Advisories are also available from the GraphQL API