GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
278 advisories
Filter by severity
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical
Unreviewed
CVE-2024-7785
was published
Sep 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical
Unreviewed
CVE-2024-6877
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical
Unreviewed
CVE-2024-5959
was published
Sep 18, 2024
An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection.
Critical
Unreviewed
CVE-2024-33868
was published
May 14, 2024
Apache Airflow vulnerable to XSS
Critical
CVE-2017-17836
was published
for
apache-airflow
(pip)
Jan 25, 2019
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be...
Critical
Unreviewed
CVE-2024-8695
was published
Sep 12, 2024
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7...
Critical
Unreviewed
CVE-2024-42008
was published
Aug 5, 2024
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a...
Critical
Unreviewed
CVE-2024-42009
was published
Aug 5, 2024
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows...
Critical
Unreviewed
CVE-2024-45265
was published
Aug 26, 2024
Cross-site scripting in Swagger-UI
Critical
CVE-2019-17495
was published
for
io.springfox:springfox-swagger-ui
(Maven)
Oct 15, 2019
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Critical
Unreviewed
CVE-2023-6452
was published
Aug 22, 2024
XWiki Platform allows XSS through XClass name in string properties
Critical
CVE-2024-43400
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Aug 19, 2024
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows...
Critical
Unreviewed
CVE-2024-32340
was published
Apr 17, 2024
Azure Stack Hub Spoofing Vulnerability
Critical
Unreviewed
CVE-2024-38108
was published
Aug 13, 2024
An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara...
Critical
Unreviewed
CVE-2024-40482
was published
Aug 12, 2024
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a...
Critical
Unreviewed
CVE-2024-28739
was published
Aug 6, 2024
Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to...
Critical
Unreviewed
CVE-2024-28740
was published
Aug 6, 2024
AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL...
Critical
Unreviewed
CVE-2024-41476
was published
Aug 12, 2024
Argo CD's external URLs for Deployments can include JavaScript
Critical
CVE-2022-31035
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
Gitea Cross-site Scripting Vulnerability
Critical
CVE-2024-6886
was published
for
code.gitea.io/gitea
(Go)
Aug 6, 2024
Long pressing on a download link could potentially allow Javascript commands to be executed...
Critical
Unreviewed
CVE-2024-43111
was published
Aug 6, 2024
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint
Critical
CVE-2023-49785
was published
for
nextchat
(npm)
Aug 5, 2024
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution
Critical
CVE-2024-41947
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jul 31, 2024
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to...
Critical
Unreviewed
CVE-2024-40618
was published
Jul 11, 2024
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version...
Critical
Unreviewed
CVE-2024-6035
was published
Jul 11, 2024
ProTip!
Advisories are also available from the
GraphQL API